author | Toni Uhlig <matzeton@googlemail.com> | 2022-01-25 11:16:41 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-25 11:16:41 +0100 |
commit | 29a1b13e7ac8f20512b7a066c351bad614998f83 (patch) | |
tree | c4fa55710b91581ecf088c10d97ab62dae12f06b /test | |
parent | 9e07a57566cc45bf92a845d8cee968d72e0f314e (diff) |
Improved Plotly/Dash example. It is now somehow informative.
* TCP timeout after FIN/RST: switched back to the value from a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76
* py-flow-info: reset 'guessed' flag after detection/detection-update received
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test')
229 files changed, 2459 insertions, 2552 deletions
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index a114c8faf..5439db3c4 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"1kxun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"1kxun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1470104373025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104373025,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00582{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -380,9 +380,6 @@ 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1470104402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104402624,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl1ocAAAERLO7AqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104402724,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104402724,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1wAAAER9MnAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 
-00571{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1470104403134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104403134,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow0AAAER19nAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -496,9 +493,6 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104423322,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104423322,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104423322,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1470104424738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104424738,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -545,7 +539,6 @@ 00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104432728,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104432728,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104433387,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1470104433649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104433649,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -613,6 +606,8 @@ 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -630,6 +625,10 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00572{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -666,6 +665,7 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out index 53e2850c9..457616b6a 100644 --- a/test/results/443-chrome.pcap.out +++ b/test/results/443-chrome.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoA
QbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} 00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out index 039db03ae..a186f8004 100644 --- a/test/results/443-curl.pcap.out +++ b/test/results/443-curl.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out index d096d9abf..e45c3856c 100644 --- a/test/results/443-firefox.pcap.out +++ b/test/results/443-firefox.pcap.out 
@@ -1,4 +1,4 @@ -00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out index a3a6bc8fc..ea1c88b9c 100644 --- a/test/results/443-git.pcap.out +++ b/test/results/443-git.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out index f01cf1951..38c156ccc 100644 --- a/test/results/443-opvn.pcap.out +++ b/test/results/443-opvn.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out index 6d1dc52c5..6eb631161 100644 --- a/test/results/443-safari.pcap.out +++ b/test/results/443-safari.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out index f9b7f37ab..9aceeb261 100644 --- a/test/results/4in4tunnel.pcap.out +++ b/test/results/4in4tunnel.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00510{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"ts_msec":1537044271794,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00151{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","type":33024} 
00510{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"ts_msec":1537058551803,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out index e10a5f08b..c8c9c7a8d 100644 --- a/test/results/4in6tunnel.pcap.out +++ b/test/results/4in6tunnel.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out index 2746986d7..fbbca3f6a 100644 --- a/test/results/6in4tunnel.pcap.out +++ b/test/results/6in4tunnel.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1444236893450,"flow_last_seen":1444236893450,"flow_idle_time":600000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1444236893450,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444236893450,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1444236893450,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444236893555,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1444236893555,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out index 042b6d768..a9a7bbdd3 100644 --- a/test/results/6in6tunnel.pcap.out +++ b/test/results/6in6tunnel.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1335197872162,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1335197872162,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"ts_msec":1335197872162,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="} 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out index 56cfd5f38..4b2197605 100644 --- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,4 +1,4 @@ -00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out index 133412543..baa8225c8 100644 --- a/test/results/BGP_redist.pcap.out +++ b/test/results/BGP_redist.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00522{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"ts_msec":1256636836167,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00155{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887} 
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out index d95fd3de1..116ff0fda 100644 --- a/test/results/EAQ.pcap.out +++ b/test/results/EAQ.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} 
@@ -71,7 +71,6 @@ 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1432820967101,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820967101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGNXsAAAAAAAADdoADH2JAACQAA=="} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":1,"flow_first_seen":1432820968101,"flow_last_seen":1432820968101,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820968101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1432820968101,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820968101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGIaLAAAAAAAADdoADH5fAACQAA=="} 
-00546{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432820969101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":1,"flow_first_seen":1432820969101,"flow_last_seen":1432820969101,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820969101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1432820969101,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820969101,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGKbHAAAAAAAADdoADrlDAACQAA=="} 
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":1,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820970111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -94,7 +93,6 @@ 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820976471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820976471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB5FAAAAAQAADdwABkO1AACQAA=="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432820977471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820977471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432820978471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820978471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"ts_msec":1432820979471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432820979471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820979471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="} 00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432820979565,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820979565,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="} 
@@ -170,6 +168,7 @@ 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -179,6 +178,7 @@ 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out index 8133a315e..ff2494f24 100644 --- a/test/results/IEC104.pcap.out +++ b/test/results/IEC104.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out index 482670781..8ab5e6d37 100644 --- a/test/results/KakaoTalk_chat.pcap.out +++ b/test/results/KakaoTalk_chat.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069021959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069021959,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 
00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -177,13 +177,8 @@ 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069055157,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069055157,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069055157,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069055157,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} 
-00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1430069068248,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="} 
@@ -206,6 +201,8 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
+00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
@@ -214,10 +211,13 @@ 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out index 2c2c912fe..573f43b05 100644 --- a/test/results/KakaoTalk_talk.pcap.out +++ b/test/results/KakaoTalk_talk.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} 
@@ -35,8 +35,6 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="} 00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01141{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete 
TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
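Review bot: The `detection-update` record for flow_id 8, kept as context in this hunk, carries the key `"issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com"` twice inside its `tls` object, and this expected-output file continues to pin that shape. Duplicate names make the record parse differently across JSON consumers (most keep only the last one), so a detection rule or dashboard reading these events cannot tell which certificate field it received. The record is flagged "Self-signed Certificate", so identical values would fit an issuer/subject pair; presumably one of the two keys was meant to be `"subjectDN"`, but the code that emits the event is not visible here, so this is inferred from the output alone. If that is the case, the fix belongs in the emitter, and this result file then needs regenerating, since the `01141` length prefix changes with the key name.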
@@ -61,9 +59,6 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1430069172127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"ts_msec":1430069172127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqY8SByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069190113,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069190113,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069190113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
@@ -95,10 +90,15 @@ 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 
00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out index 3c087bfbb..f874b09e2 100644 --- a/test/results/NTPv2.pcap.out +++ b/test/results/NTPv2.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865383632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"ts_msec":1436865383632,"pkt":"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"} 
00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}} diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out index 0ae4410c7..41bf5e10a 100644 --- a/test/results/NTPv3.pcap.out +++ b/test/results/NTPv3.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865405371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1436865405371,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 
00576{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}} diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out index cde419326..77ebde97b 100644 --- a/test/results/NTPv4.pcap.out +++ b/test/results/NTPv4.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865396190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1436865396190,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 
00576{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}} diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out index 1b4dec3b2..68d2a23d8 100644 --- a/test/results/Oscar.pcap.out +++ b/test/results/Oscar.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out index 40087636f..b0cb99373 100644 --- a/test/results/WebattackRCE.pcap.out +++ b/test/results/WebattackRCE.pcap.out 
@@ -1,4 +1,4 @@ -00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out index 2b1e24e89..1b3f32cc3 100644 --- a/test/results/WebattackSQLinj.pcap.out +++ b/test/results/WebattackSQLinj.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 
@@ -14,15 +14,11 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"} 00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"} 00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="} 
@@ -33,13 +29,11 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"} 00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"} 00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="} 
@@ -50,6 +44,12 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"} 00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out index ac931d517..ad90ea0f0 100644 --- a/test/results/WebattackXSS.pcap.out +++ b/test/results/WebattackXSS.pcap.out 
@@ -1,4 +1,4 @@ -00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackXSS.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackXSS.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1499346935283,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346935283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} 
@@ -33,13 +33,6 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/7+F1DJk3pVMKAScSDJ8AAAAgQFtAQCCAoD4q86ATjdwwEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F6xAAD4GriysEAABwKgKMsv8AFD6Ecppc0a7\/oAQAOWsxgAAAQEICgE43cMD4q86"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iO1AAD4GPOusEAABwKgKMsv+AFCTelUw\/hdQyoAQAOVo+AAAAQEICgE43cMD4q86"} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":1,"flow_first_seen":1499346976603,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="} 
@@ -71,13 +64,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8k7hAAD4GMhisEAABwKgKMsy+AFBA2morAAAAAKACchDsIwAAAgQFtAQCCAoBOPmTAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346985762,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzL4AEHgfQNpqLKAScSCl5gAAAgQFtAQCCAoD4ssKATj5kwEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0k7lAAD4GMh+sEAABwKgKMsy+AFBA2mosABB4IIAQAOVE7gAAAQEICgE4+ZMD4ssK"} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346986801,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":1,"flow_first_seen":1499346988319,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346988319,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346988319,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NptAAD4GjzWsEAABwKgKMszYAFB2NsqJAAAAAKACchBT0AAAAgQFtAQCCAoBOPwSAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346988319,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzNhVLB2odjbKiqAScSAQbwAAAgQFtAQCCAoD4s2JATj8EgEDAwc="} 
@@ -122,10 +108,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1499347006233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347006233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WV1AAD4GbHOsEAABwKgKMs2UAFDN5FTMAAAAAKACchBfpAAAAgQFtAQCCAoBOQ2RAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1499347006233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347006233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzZSBD41szeRUzaAScSBvHQAAAgQFtAQCCAoD4t8HATkNkQEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1499347006234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347006234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WV5AAD4GbHqsEAABwKgKMs2UAFDN5FTNgQ+NbYAQAOUOJQAAAQEICgE5DZED4t8H"} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1499347007246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1499347007246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347007246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347007246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1499347007496,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347007496,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347007496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xEhAAD4GAYisEAABwKgKMs2iAFDPCcqEAAAAAKACchDnfQAAAgQFtAQCCAoBOQ7MAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347007496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzaKR1tjLzwnKhaAScSCZlAAAAgQFtAQCCAoD4uBDATkOzAEDAwc="} 
@@ -150,16 +132,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hwdAAD4GPsmsEAABwKgKMs4AAFB8BZCLAAAAAKACchBrXQAAAgQFtAQCCAoBOReMAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347016455,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzgBumELLfAWQjKAScSDN8gAAAgQFtAQCCAoD4ukDATkXjAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwhAAD4GPtCsEAABwKgKMs4AAFB8BZCMbphCzIAQAOVs+gAAAQEICgE5F4wD4ukD"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":1,"flow_first_seen":1499347017745,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347017745,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347017745,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p+RAAD4GHeysEAABwKgKMs4OAFCFw78rAAAAAKACchAxrgAAAgQFtAQCCAoBORjPAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347017745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzg5V15svhcO\/LKAScSBTXgAAAgQFtAQCCAoD4upFATkYzwEDAwc="} 
@@ -180,20 +152,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1499347025509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347025509,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MX5AAD4GlFKsEAABwKgKMs5eAFDxhxEaAAAAAKACchBsFgAAAgQFtAQCCAoBOSBkAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1499347025510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347025510,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzl7gFzLu8YcRG6AScSBkMQAAAgQFtAQCCAoD4vHbATkgZAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1499347025510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347025510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MX9AAD4GlFmsEAABwKgKMs5eAFDxhxEb4Bcy74AQAOUDOQAAAQEICgE5IGQD4vHb"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347027615,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":1,"flow_first_seen":1499347028086,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347028086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347028086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aaVAAD4GXCusEAABwKgKMs54AFBiKUtNAAAAAKACchC+owAAAgQFtAQCCAoBOSLoAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347028086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQznggYwiEYilLTqAScSCeWQAAAgQFtAQCCAoD4vRfATki6AEDAwc="} 
@@ -219,16 +177,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347035750,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1499347035751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347035751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"} 00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038027,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":1,"flow_first_seen":1499347038276,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038276,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347038276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347038276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="} 
@@ -253,18 +201,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1499347047249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347047249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rOxAAD4GGOSsEAABwKgKMs9CAFBNBJlzAAAAAKACchByIQAAAgQFtAQCCAoBOTWfAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1499347047249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347047249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz0I8cGwCTQSZdKAScSC\/lQAAAgQFtAQCCAoD4wcVATk1nwEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1499347047250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347047250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rO1AAD4GGOusEAABwKgKMs9CAFBNBJl0PHBsA4AQAOVenQAAAQEICgE5NZ8D4wcV"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":1,"flow_first_seen":1499347048548,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347048548,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347048548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rW1AAD4GGGOsEAABwKgKMs9QAFDoOZuOAAAAAKACchDTfgAAAgQFtAQCCAoBOTbjAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347048548,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz1DxNtWr6Dmbj6AScSABPgAAAgQFtAQCCAoD4whaATk24wEDAwc="} 
@@ -289,17 +225,6 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yDFAAD4G\/Z6sEAABwKgKMs+uAFAuuffwAAAAAKACchAnYQAAAgQFtAQCCAoBOT\/BAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347057628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz662huYkLrn38aAScSB2eQAAAgQFtAQCCAoD4xE4ATk\/wQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDJAAD4G\/aWsEAABwKgKMs+uAFAuuffxtobmJYAQAOUVgAAAAQEICgE5P8ID4xE4"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499347058653,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":1,"flow_first_seen":1499347060176,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347060176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347060176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TeFAAD4Gd++sEAABwKgKMs\/IAFAgqg\/fAAAAAKACchAa6wAAAgQFtAQCCAoBOUI+AAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347060176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz8g7I8+hIKoP4KAScSD5bAAAAgQFtAQCCAoD4xO1ATlCPgEDAwc="} 
@@ -320,18 +245,13 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347066560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":1,"flow_first_seen":1499347069146,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347069146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347069146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347069146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0CYp21tPZOCNRKAScSCriAAAAgQFtAQCCAoD4xx4ATlLAQEDAwc="} 
@@ -356,16 +276,6 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1499347078168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347078168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VtlAAD4GbvesEAABwKgKMtCEAFCbYgUIAAAAAKACchCYugAAAgQFtAQCCAoBOVPRAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1499347078168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347078168,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0IRJPKyYm2IFCaAScSB6mgAAAgQFtAQCCAoD4yVHATlT0QEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1499347078169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347078169,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VtpAAD4Gbv6sEAABwKgKMtCEAFCbYgUJSTysmYAQAOUZogAAAQEICgE5U9ED4yVH"} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079200,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1499347079449,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347079449,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347079449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81tZAAD4G7vmsEAABwKgKMtCSAFDwQYPHAAAAAKACchDDzQAAAgQFtAQCCAoBOVURAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347079449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0JKY6hHr8EGDyKAScSDvawAAAgQFtAQCCAoD4yaIATlVEQEDAwc="} 
@@ -394,18 +304,13 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347088552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347088552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1499347088553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347088553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1499347091102,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347091102,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347091102,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347091102,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0QySpl9e5DjaaKAScSBGaQAAAgQFtAQCCAoD4zHpATlgcgEDAwc="} 
@@ -430,18 +335,6 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1499347098746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347098746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gixAAD4GQ6SsEAABwKgKMtFeAFA\/7+XFAAAAAKACchD+fQAAAgQFtAQCCAoBOWfpAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1499347098746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347098746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0V6c5l18P+\/lxqAScSDHtgAAAgQFtAQCCAoD4zlgATln6QEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1499347098747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347098747,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi1AAD4GQ6usEAABwKgKMtFeAFA\/7+XGnOZdfYAQAOVmvgAAAQEICgE5Z+kD4zlg"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347099639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":1,"flow_first_seen":1499347101314,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347101314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347101314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347101314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="} 
@@ -463,18 +356,24 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347107719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347107719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1499347107720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347107720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":1,"flow_first_seen":1499347110266,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110266,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347110266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347110266,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0dbJG1vv3h\/IV6AScSAFVQAAAgQFtAQCCAoD40SgATlzKQEDAwc="} 
@@ -499,18 +398,18 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347119336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1499347120603,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347120603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0kIa0KsLxQGq1KAScSCGiQAAAgQFtAQCCAoD4064ATl9QQEDAwc="} 
@@ -535,15 +434,16 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347129584,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347129584,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1499347129585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347129585,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1499347132137,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347132137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347132137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347132137,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0rps\/2\/vGRAtY6AScSCB2QAAAgQFtAQCCAoD41n8ATmIhQEDAwc="} 
@@ -564,20 +464,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347138552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347138552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1499347138553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347138553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1499347141111,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347141111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347141111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347141111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0xgJZZF8SEapA6AScSAHLAAAAgQFtAQCCAoD42K\/ATmRSAEDAwc="} 
@@ -602,16 +500,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347150236,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347150236,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1499347150237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347150237,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1499347151520,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347151520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347151520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="} 
@@ -636,18 +535,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347160581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347160581,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1499347160582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347160582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":1,"flow_first_seen":1499347163177,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347163177,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347163177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347163177,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="} 
@@ -669,18 +566,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1499347169573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347169573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347169574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347169574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":1,"flow_first_seen":1499347172098,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347172098,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347172098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347172098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1FoQ75vBzSLZxqAScSAB9QAAAgQFtAQCCAoD44ECATmviwEDAwc="} 
@@ -705,18 +602,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347181178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347181178,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1499347181179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347181179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":1,"flow_first_seen":1499347182435,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182435,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347182435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347182435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1MbnFi1c4KRlLaAScSDmrAAAAgQFtAQCCAoD44saATm5pAEDAwc="} 
@@ -745,15 +640,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347191299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347191299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1499347191300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347191300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":1,"flow_first_seen":1499347192547,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347192547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1TRgTBA1ZQ\/3IaAScSBgEgAAAgQFtAQCCAoD45T6ATnDgwEDAwc="} 
@@ -778,16 +676,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347201471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347201471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1499347201472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347201472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packets_processed":1,"flow_first_seen":1499347202722,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347202722,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1aA8zHVU+X8TIKAScSBZuAAAAgQFtAQCCAoD457qATnNcwEDAwc="} 
@@ -812,18 +712,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347211522,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347211522,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1499347211523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347211523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":1,"flow_first_seen":1499347214088,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347214088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347214088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1499347214089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347214089,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1hgNeWHdKM3wDKAScSB5nQAAAgQFtAQCCAoD46oDATnYjQEDAwc="} 
@@ -848,22 +748,15 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1499347221694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347221694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347221695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347221695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":1,"flow_first_seen":1499347224338,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347224338,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347224338,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347224338,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1oTh1R3txYrJFKAScSBe+gAAAgQFtAQCCAoD47QGATnijwEDAwc="} 
@@ -885,16 +778,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347230690,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1499347230691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347230691,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"} 00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packets_processed":1,"flow_first_seen":1499347233219,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347233219,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347233219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2215,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347233219,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1uJkUL6IbCn8NKAScSBQbgAAAgQFtAQCCAoD47yyATnrPAEDAwc="} 
@@ -919,18 +814,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347240786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347240786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1499347240787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347240787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":1,"flow_first_seen":1499347243333,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347243333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347243333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ104lyvYYNacZ26AScSBcFAAAAgQFtAQCCAoD48aSATn1HAEDAwc="} 
@@ -955,17 +850,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347252179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347252179,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1499347252180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347252180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":1,"flow_first_seen":1499347253445,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347253445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ17p5Tes0V7REe6AScSCymwAAAgQFtAQCCAoD49ByATn+\/AEDAwc="} 
@@ -990,16 +884,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347262289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347262289,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":3,"flow_last_seen":1499347262290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347262290,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packets_processed":1,"flow_first_seen":1499347263542,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263542,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347263542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347263542,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2CaW4NetPEpc66AScSCXYwAAAgQFtAQCCAoD49pPAToI2QEDAwc="} 
@@ -1028,18 +924,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347272469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347272469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":3,"flow_last_seen":1499347272470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347272470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packets_processed":1,"flow_first_seen":1499347273742,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347273742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347273742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2JQ5PiSKXpOhJaAScSAtTAAAAgQFtAQCCAoD4+RFAToSzwEDAwc="} 
@@ -1064,18 +958,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1499347282573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347282573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347282574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347282574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packets_processed":1,"flow_first_seen":1499347285114,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347285114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347285114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347285114,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Qzzh7fuxdQd56AScSDk7AAAAgQFtAQCCAoD4+9gATod6gEDAwc="} 
@@ -1100,22 +993,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347292725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347292725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1499347292726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347292726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packets_processed":1,"flow_first_seen":1499347295224,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347295224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347295224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="} 
@@ -1137,16 +1024,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347301520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347301520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1499347301521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347301521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packets_processed":1,"flow_first_seen":1499347304125,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347304125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347304125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347304125,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2dawo5LBcxK016AScSDi5QAAAgQFtAQCCAoD5AHwATowegEDAwc="} 
@@ -1171,18 +1060,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347313106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":1,"flow_first_seen":1499347314358,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347314358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347314358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2kLsSHY8J7X48KAScSC2nwAAAgQFtAQCCAoD5AvvATo6eQEDAwc="} 
@@ -1207,17 +1096,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347323234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347323234,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1499347323235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347323235,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":1,"flow_first_seen":1499347324538,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324538,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347324538,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347324538,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2q5SOt2REaf8QaAScSDnxwAAAgQFtAQCCAoD5BXgATpEagEDAwc="} 
@@ -1242,16 +1132,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1499347333419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347333419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347333420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":3,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347333420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":1,"flow_first_seen":1499347334667,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347334667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347334667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2xqx52s8sbTgp6AScSBhyAAAAgQFtAQCCAoD5B\/EATpOTgEDAwc="} 
@@ -1280,18 +1172,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347343672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347343672,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1499347343673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347343673,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":1,"flow_first_seen":1499347346211,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347346211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347346211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ25SXkk2howQ8HaAScSA17QAAAgQFtAQCCAoD5CsKATpZlAEDAwc="} 
@@ -1312,20 +1204,17 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1499347352698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347352698,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347352699,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347352699,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packets_processed":1,"flow_first_seen":1499347355229,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347355229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347355229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347355229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="} 
@@ -1351,16 +1240,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347364056,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347364056,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1499347364057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347364057,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":1,"flow_first_seen":1499347365320,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347365320,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347365320,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3F6n4QiemCZlraAScSAl0wAAAgQFtAQCCAoD5D2zATpsPQEDAwc="} 
@@ -1385,20 +1276,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347374136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347374136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1499347374137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347374137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":1,"flow_first_seen":1499347375388,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347375388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3392,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347375388,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3MqX5dxFzaQj66AScSBaVQAAAgQFtAQCCAoD5EeIATp2EgEDAwc="} 
@@ -1423,15 +1310,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347384186,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347384186,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1499347384187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347384187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":1,"flow_first_seen":1499347385481,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385481,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347385481,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3TZsZa1KUN0qwqAScSAWnwAAAgQFtAQCCAoD5FFjATp\/7QEDAwc="} 
@@ -1456,18 +1346,20 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347394398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347394398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1499347394399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347394399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":1,"flow_first_seen":1499347395736,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347395736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347395736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3aKdN8ZwD9Jg9KAScSDDCwAAAgQFtAQCCAoD5FtnATqJ8QEDAwc="} 
@@ -1492,18 +1384,16 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347404575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347404575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1499347404576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347404576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":1,"flow_first_seen":1499347407100,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347407100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347407100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347407100,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3hoI+EKiiu00WKAScSB18AAAAgQFtAQCCAoD5GaAATqVCgEDAwc="} 
@@ -1528,20 +1418,17 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1499347414709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347414709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347414710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347414710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":1,"flow_first_seen":1499347417243,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347417243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347417243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1499347417244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347417244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3oZtyr1sytFGUaAScSAwOgAAAgQFtAQCCAoD5HBoATqe8gEDAwc="} 
@@ -1567,16 +1454,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347423604,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347423605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"} 00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":1,"flow_first_seen":1499347426122,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347426122,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3821,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347426122,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ub5Z5wJ7WoZSKAScSC+twAAAgQFtAQCCAoD5HkUATqnngEDAwc="} 
@@ -1601,18 +1490,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347433753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347433753,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":1499347433754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347433754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":1,"flow_first_seen":1499347436274,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436274,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347436274,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ31ICI0S7PwXqKKAScSDWjwAAAgQFtAQCCAoD5IL+ATqxiAEDAwc="} 
@@ -1637,17 +1526,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347445158,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347445158,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1499347445159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347445159,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packets_processed":1,"flow_first_seen":1499347446419,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347446419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":1499347446420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347446420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ376sLltvRWMbHKAScSDKQgAAAgQFtAQCCAoD5IzmATq7cAEDAwc="} 
@@ -1672,18 +1562,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347455224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347455224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1499347455225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347455225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packets_processed":1,"flow_first_seen":1499347456462,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347456462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347456462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4CoPzfb\/ngakWaAScSDVKAAAAgQFtAQCCAoD5Ja1ATrFPwEDAwc="} 
@@ -1708,18 +1598,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347465304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347465304,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1499347465305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347465305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":1,"flow_first_seen":1499347466553,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466553,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347466553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347466553,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4JYOrdMQ\/Wbl7qAScSBFIQAAAgQFtAQCCAoD5KCPATrPGgEDAwc="} 
@@ -1748,18 +1638,17 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347475384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347475384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":1499347475385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347475385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packets_processed":1,"flow_first_seen":1499347476667,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":2,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347476667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4QTgdpFp2AgxWaAScSB6wwAAAgQFtAQCCAoD5KpwATrY+gEDAwc="} 
@@ -1784,18 +1673,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347485533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347485533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_last_seen":1499347485534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347485534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packets_processed":1,"flow_first_seen":1499347486787,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486787,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347486787,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="} 
@@ -1821,20 +1708,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347495714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347495714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":3,"flow_last_seen":1499347495715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347495715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packets_processed":1,"flow_first_seen":1499347498249,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347498249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347498249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":2,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347498249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ejKfeZhXxfDAKAScSD4AgAAAgQFtAQCCAoD5L+DATruDgEDAwc="} 
@@ -1859,20 +1744,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347505774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347505774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":3,"flow_last_seen":1499347505775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347505775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packets_processed":1,"flow_first_seen":1499347508344,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347508344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347508344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":2,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347508344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4lSsQaQu7+y2CaAScSDAbwAAAgQFtAQCCAoD5MlfATr36gEDAwc="} 
@@ -1893,15 +1776,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":2,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347514648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":3,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packets_processed":1,"flow_first_seen":1499347517171,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347517171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347517171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4580,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":2,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347517171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4rJwyiE5Cdc9faAScSDL4wAAAgQFtAQCCAoD5NH+ATsAiAEDAwc="} 
@@ -1930,18 +1816,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347526155,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":2,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347526155,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":3,"flow_last_seen":1499347526156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347526156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packets_processed":1,"flow_first_seen":1499347527425,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527425,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347527425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":2,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347527425,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4yBtIXfPAMnoeKAScSDCkwAAAgQFtAQCCAoD5NwBATsKjAEDAwc="} 
@@ -1966,16 +1852,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_last_seen":1499347536333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347536333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packets_processed":1,"flow_first_seen":1499347537591,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537591,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347537591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":2,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347537591,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ44xyZUlKtX1GH6AScSDFMQAAAgQFtAQCCAoD5OXvATsUegEDAwc="} 
@@ -2000,18 +1888,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1499347546427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347546427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":2,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347546428,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347546428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packets_processed":1,"flow_first_seen":1499347547687,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347547687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347547687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="} 
@@ -2037,20 +1924,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347556523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":2,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347556523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":3,"flow_last_seen":1499347556524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347556524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packets_processed":1,"flow_first_seen":1499347557789,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347557789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":2,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347557789,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5GT+u1l1Z9DzBKAScSChLQAAAgQFtAQCCAoD5PmoATsoMwEDAwc="} 
@@ -2079,18 +1964,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347566719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":2,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347566719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":3,"flow_last_seen":1499347566720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347566720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packets_processed":1,"flow_first_seen":1499347569321,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347569321,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5021,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":2,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347569321,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5N7q6xnjlkOwGaAScSDyBwAAAgQFtAQCCAoD5QTrATszdgEDAwc="} 
@@ -2111,19 +1994,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347575652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347575652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_last_seen":1499347575653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347575653,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packets_processed":1,"flow_first_seen":1499347578164,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347578164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347578164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5093,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":2,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347578164,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5UJIGXyrm1XUFaAScSD3WQAAAgQFtAQCCAoD5Q2OATs8GQEDAwc="} 
@@ -2148,18 +2030,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1499347585744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347585744,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":2,"flow_last_seen":1499347585745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347585745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":3,"flow_last_seen":1499347585746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347585746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packets_processed":1,"flow_first_seen":1499347588270,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347588270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":2,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347588270,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5a7qCbUZTAnYiaAScSBTqgAAAgQFtAQCCAoD5RdtATtF9wEDAwc="} 
@@ -2184,16 +2066,20 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347597121,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":2,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347597121,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":3,"flow_last_seen":1499347597122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347597122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packets_processed":1,"flow_first_seen":1499347598383,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598383,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347598383,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":2,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347598383,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5hrRW5D8iabDYaAScSBT1AAAAgQFtAQCCAoD5SFNATtP1wEDAwc="} 
@@ -2222,18 +2108,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347607344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347607344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_last_seen":1499347607345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347607345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packets_processed":1,"flow_first_seen":1499347608596,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347608596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":2,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347608596,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5oh16C+h0+gJxKAScSBrnQAAAgQFtAQCCAoD5StGATtZ0QEDAwc="} 
@@ -2259,18 +2144,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347617491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":2,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347617491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":3,"flow_last_seen":1499347617492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347617492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packets_processed":1,"flow_first_seen":1499347618757,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618757,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347618757,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":2,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347618757,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5vRXo2m0nrwyeqAScSBIAQAAAgQFtAQCCAoD5TUyATtjvQEDAwc="} 
@@ -2299,18 +2184,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347627616,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":2,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347627616,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":3,"flow_last_seen":1499347627617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347627617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packets_processed":1,"flow_first_seen":1499347630130,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347630130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347630130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":2,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347630130,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5252igpmzsrCjaAScSCxlQAAAgQFtAQCCAoD5UBOATtu2AEDAwc="} 
@@ -2335,19 +2220,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347637687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":2,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347637687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":3,"flow_last_seen":1499347637688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347637688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packets_processed":1,"flow_first_seen":1499347640199,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347640199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347640199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":2,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347640199,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ59rwV\/OuryusiaAScSBwCwAAAgQFtAQCCAoD5UojATt4rgEDAwc="} 
@@ -2372,18 +2256,16 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347647733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":2,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347647733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":3,"flow_last_seen":1499347647734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347647734,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packets_processed":1,"flow_first_seen":1499347650289,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347650289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347650289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5716,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":2,"flow_last_seen":1499347650290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347650290,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6EbKc6N+BUootKAScSD\/tgAAAgQFtAQCCAoD5VP9ATuCiAEDAwc="} 
@@ -2404,20 +2286,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347656622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":2,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347656622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":3,"flow_last_seen":1499347656624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347656624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packets_processed":1,"flow_first_seen":1499347659123,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347659123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347659123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":2,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347659123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6KSKjQS\/fqpMhKAScSAvjAAAAgQFtAQCCAoD5VyeATuLKQEDAwc="} 
@@ -2442,18 +2322,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347668069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347668069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":3,"flow_last_seen":1499347668070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347668070,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packets_processed":1,"flow_first_seen":1499347669336,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347669336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":2,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347669336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6RAzOJpLpT7IlaAScSA6UQAAAgQFtAQCCAoD5WaXATuVIgEDAwc="} 
@@ -2478,16 +2358,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347678198,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347678198,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_last_seen":1499347678199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347678199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packets_processed":1,"flow_first_seen":1499347679469,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347679469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347679469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="} 
@@ -2513,18 +2394,20 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1499347688364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347688364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":2,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347688365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":3,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347688365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packets_processed":1,"flow_first_seen":1499347689613,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689613,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347689613,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":2,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347689613,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6egCgzyzwgJ4N6AScSDTxgAAAgQFtAQCCAoD5XpkATuo7wEDAwc="} 
@@ -2549,21 +2432,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":2,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347698449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":3,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packets_processed":1,"flow_first_seen":1499347699724,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":2,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347699724,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6lS1E1w77+rhraAScSBWIwAAAgQFtAQCCAoD5YREATuyzwEDAwc="} 
@@ -2588,16 +2468,30 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1499347709252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347709252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":2,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347709253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":3,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347709253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -2622,18 +2516,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1499347720094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347720094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":2,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347720095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":3,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347720095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packets_processed":1,"flow_first_seen":1499347721376,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":2,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347721376,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ60r+f8PRqpqWWKAScSAKhgAAAgQFtAQCCAoD5ZlpATvH9AEDAwc="} 
@@ -2658,18 +2552,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347730501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":2,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347730501,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_last_seen":1499347730502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347730502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packets_processed":1,"flow_first_seen":1499347731797,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347731797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":2,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347731797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="} 
@@ -2698,16 +2591,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347740751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":2,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347740751,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_last_seen":1499347740752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347740752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packets_processed":1,"flow_first_seen":1499347743331,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347743331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347743331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347743331,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="} 
@@ -2729,20 +2624,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1499347749751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347749751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":2,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347749752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":3,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347749752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packets_processed":1,"flow_first_seen":1499347752308,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347752308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":2,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347752308,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7I5f6lZGTKBPA6AScSB+SAAAAgQFtAQCCAoD5beeATvmKQEDAwc="} 
@@ -2767,18 +2660,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347761418,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":2,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347761418,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":3,"flow_last_seen":1499347761419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347761419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packets_processed":1,"flow_first_seen":1499347762675,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347762675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":2,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347762675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Proa5y3wZujPaAScSDRcwAAAgQFtAQCCAoD5cG+ATvwSQEDAwc="} 
@@ -2807,15 +2700,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347771635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":2,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347771635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":3,"flow_last_seen":1499347771636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347771636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packets_processed":1,"flow_first_seen":1499347774205,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347774205,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":2,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347774205,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7XSGo4hpWEtdM6AScSDf5QAAAgQFtAQCCAoD5c0AATv7jAEDAwc="} 
@@ -2836,20 +2732,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":2,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347780605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":3,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packets_processed":1,"flow_first_seen":1499347783176,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347783176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347783176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":2,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347783176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7dLS\/qxUHpRVV6AScSCfTwAAAgQFtAQCCAoD5dXDATwETgEDAwc="} 
@@ -2874,18 +2768,19 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347792291,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":3,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packets_processed":1,"flow_first_seen":1499347793575,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347793575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":2,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347793575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7j6t+bU4qdblaqAScSCLXgAAAgQFtAQCCAoD5d\/rATwOdgEDAwc="} 
@@ -2910,18 +2805,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347802549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347802549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_last_seen":1499347802550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347802550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packets_processed":1,"flow_first_seen":1499347805119,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347805119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347805119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":2,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347805119,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgG5Z9D1oatB\/2qAScSBTDwAAAgQFtAQCCAoD5esxATwZvAEDAwc="} 
@@ -2947,16 +2840,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347812797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347812797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":3,"flow_last_seen":1499347812798,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347812798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packets_processed":1,"flow_first_seen":1499347814066,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347814066,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347814066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":2,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347814066,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgM6yTRTHKTAUm6AScSC+XAAAAgQFtAQCCAoD5fPuATwieQEDAwc="} 
@@ -2981,20 +2876,16 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347823117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":2,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347823117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":3,"flow_last_seen":1499347823118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347823118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packets_processed":1,"flow_first_seen":1499347824426,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347824426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":2,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347824426,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgToZT9eBj8L+86AScSAvDQAAAgQFtAQCCAoD5f4MATwslwEDAwc="} 
@@ -3019,15 +2910,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":2,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347833462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":3,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packets_processed":1,"flow_first_seen":1499347836095,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347836095,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347836095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":2,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347836095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgbKB84w4b4RQnqAScSDJAwAAAgQFtAQCCAoD5glxATw3\/AEDAwc="} 
@@ -3048,18 +2942,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347842491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":2,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347842491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":3,"flow_last_seen":1499347842492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347842492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packets_processed":1,"flow_first_seen":1499347845077,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347845077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347845077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7303,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":2,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347845077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQghDt+J+Thi6cT6AScSDVXgAAAgQFtAQCCAoD5hI2ATxAwgEDAwc="} 
@@ -3084,20 +2976,20 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347852742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":2,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347852742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":3,"flow_last_seen":1499347852743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347852743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packets_processed":1,"flow_first_seen":1499347855324,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855324,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347855324,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":2,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347855324,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgnxQBHT\/Zx6Qb6AScSC0ZwAAAgQFtAQCCAoD5hw4ATxKxAEDAwc="} 
@@ -3126,16 +3018,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347864367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347864367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":3,"flow_last_seen":1499347864368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347864368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packets_processed":1,"flow_first_seen":1499347867086,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347867086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347867086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7483,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347867086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgvZcEWBbbx3lV6AScSBIpAAAAgQFtAQCCAoD5ie1ATxWQAEDAwc="} 
@@ -3160,16 +3053,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347874737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347874737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_last_seen":1499347874738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347874738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packets_processed":1,"flow_first_seen":1499347877292,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347877292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347877292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="} 
@@ -3191,20 +3084,16 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347883693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":2,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347883693,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":3,"flow_last_seen":1499347883694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347883694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packets_processed":1,"flow_first_seen":1499347886296,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347886296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7637,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":2,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347886296,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg8DWbqB034BOcaAScSCOYQAAAgQFtAQCCAoD5jp3ATxpAwEDAwc="} 
@@ -3229,19 +3118,20 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1499347895396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347895396,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":2,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347895397,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":3,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347895397,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packets_processed":1,"flow_first_seen":1499347896716,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347896716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":2,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347896716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhCxEXQKe1tQ5\/aAScSDGowAAAgQFtAQCCAoD5kSkATxzMAEDAwc="} 
@@ -3266,14 +3156,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347905694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":2,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347905694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":3,"flow_last_seen":1499347905695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347905695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packets_processed":1,"flow_first_seen":1499347908253,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347908253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347908253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":2,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347908253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhKRv9+kSwQAixKAScSDKoQAAAgQFtAQCCAoD5k\/oATx+dAEDAwc="} 
@@ -3294,20 +3188,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347914710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347914710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":3,"flow_last_seen":1499347914711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347914711,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packets_processed":1,"flow_first_seen":1499347917322,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917322,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347917322,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_last_seen":1499347917323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347917323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhQJ4jpXCvuKN6aAScSCaPgAAAgQFtAQCCAoD5ljEATyHTwEDAwc="} 
@@ -3332,16 +3222,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347926328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347926328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_last_seen":1499347926329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347926329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packets_processed":1,"flow_first_seen":1499347927657,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347927657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7973,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":2,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347927657,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhW4waOSnlw+krKAScSCP9AAAAgQFtAQCCAoD5mLbATyRZwEDAwc="} 
@@ -3366,16 +3256,19 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347936727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":2,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347936727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_last_seen":1499347936728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347936728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packets_processed":1,"flow_first_seen":1499347939286,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347939286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347939286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="} 
@@ -3397,20 +3290,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347945720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347945720,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":1499347945721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347945721,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packets_processed":1,"flow_first_seen":1499347948293,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948293,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347948293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":2,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347948293,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhkRGWOs1xp+3eKAScSAH9gAAAgQFtAQCCAoD5ncCATyljgEDAwc="} 
@@ -3435,16 +3326,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1499347957282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347957282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":2,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":3,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packets_processed":1,"flow_first_seen":1499347958588,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347958588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":2,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347958588,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhrCsuJaMk8YnrKAScSCkXAAAAgQFtAQCCAoD5oEQATyvnAEDAwc="} 
@@ -3473,15 +3364,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1499347967724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347967724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":2,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347967725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":3,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347967725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packets_processed":1,"flow_first_seen":1499347970267,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347970267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8317,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":2,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347970267,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhyoPJF9xMS0F86AScSDmFAAAAgQFtAQCCAoD5ox4ATy7BAEDAwc="} 
@@ -3502,20 +3394,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347976658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":2,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347976658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":3,"flow_last_seen":1499347976659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347976659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packets_processed":1,"flow_first_seen":1499347979251,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347979251,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347979251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8389,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":2,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347979251,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh4iSkzqsjjNeaaAScSDAAwAAAgQFtAQCCAoD5pU+ATzDygEDAwc="} 
@@ -3544,18 +3434,20 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347988233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":2,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347988233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":3,"flow_last_seen":1499347988234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347988234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packets_processed":1,"flow_first_seen":1499347989526,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8479,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":2,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347989526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh\/a7HZT72n2GA6AScSC0xwAAAgQFtAQCCAoD5p9GATzN0gEDAwc="} 
@@ -3580,16 +3472,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347998605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347998605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_last_seen":1499347998606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347998606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packets_processed":1,"flow_first_seen":1499348001148,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348001148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":2,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348001148,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiG4I9+h41Bt\/Z6AScSAJQwAAAgQFtAQCCAoD5qqgATzZLAEDAwc="} 
@@ -3611,22 +3504,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348007599,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348007599,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":3,"flow_last_seen":1499348007600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348007600,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packets_processed":1,"flow_first_seen":1499348010145,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348010145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348010145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":2,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348010145,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiMxKQ6iIArw0XaAScSASYQAAAgQFtAQCCAoD5rNpATzh9QEDAwc="} 
@@ -3651,18 +3538,28 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":2,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348019059,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":3,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packets_processed":1,"flow_first_seen":1499348020357,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348020357,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":2,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348020357,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiTgvWFvMK\/DbsaAScSCVIQAAAgQFtAQCCAoD5r1iATzr7gEDAwc="} 
@@ -3687,15 +3584,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":2,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348029395,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":3,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packets_processed":1,"flow_first_seen":1499348030687,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":2,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348030687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiaQ\/ByIUxep2CKAScSB2PwAAAgQFtAQCCAoD5sd5ATz2BQEDAwc="} 
@@ -3716,16 +3616,16 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":2,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348038438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":3,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packets_processed":1,"flow_first_seen":1499348041088,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348041088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8895,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":2,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348041088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQig7ecTfrWlqX5KAScSD19wAAAgQFtAQCCAoD5tGhAT0ALQEDAwc="} 
@@ -3750,20 +3650,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348050079,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":2,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348050079,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":3,"flow_last_seen":1499348050080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348050080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packets_processed":1,"flow_first_seen":1499348051362,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051362,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":2,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348051362,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQinqx2HVxhuGU46AScSCnBwAAAgQFtAQCCAoD5tupAT0KNgEDAwc="} 
@@ -3792,16 +3688,17 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348060393,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":2,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348060393,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":3,"flow_last_seen":1499348060394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348060394,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packets_processed":1,"flow_first_seen":1499348061684,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348061684,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":2,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348061684,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiuhWb4DgPhZTraAScSBsbAAAAgQFtAQCCAoD5uW+AT0USgEDAwc="} 
@@ -3826,16 +3723,18 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348070791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348070791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_last_seen":1499348070792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348070792,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packets_processed":1,"flow_first_seen":1499348072088,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348072088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348072088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348072088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="} 
@@ -3861,20 +3760,16 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348081113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":2,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348081113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":3,"flow_last_seen":1499348081114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348081114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packets_processed":1,"flow_first_seen":1499348082422,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348082422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":2,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348082422,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi8Dw+8kBxIQ7v6AScSDx4wAAAgQFtAQCCAoD5vn\/AT0oiwEDAwc="} 
@@ -3899,19 +3794,18 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348091413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":2,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348091413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":3,"flow_last_seen":1499348091414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348091414,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packets_processed":1,"flow_first_seen":1499348092675,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348092675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":2,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348092675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjCznHw5PAmhptaAScSA2JwAAAgQFtAQCCAoD5wQCAT0yjgEDAwc="} 
@@ -3928,6 +3822,111 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348099359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348099359,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348099360,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -3965,6 +3964,7 @@ 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","total-events-serialized":3968} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index 69018f1c9..5a88375a2 100644 --- a/test/results/aimini-http.pcap.out +++ b/test/results/aimini-http.pcap.out 
@@ -1,4 +1,4 @@ -00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="} diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out index cab26eca7..cf6641fb4 100644 --- a/test/results/ajp.pcap.out +++ b/test/results/ajp.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","type":33024} 00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out index 8ed7d7f72..8483c888b 100644 --- a/test/results/alexa-app.pcapng.out 
+++ b/test/results/alexa-app.pcapng.out @@ -1,4 +1,4 @@ -00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00313{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"ts_msec":1490976022526,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","type":6} 00313{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"ts_msec":1490976022526,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 
@@ -311,7 +311,6 @@ 00856{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1490976048620,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00154{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","type":35085} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} 
@@ -333,17 +332,6 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1490976058162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976058162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"} 00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00878{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1490976064039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packets_processed":1,"flow_first_seen":1490976064328,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064328,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976064328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -425,23 +413,6 @@ 00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1090,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"ts_msec":1490976074218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packets_processed":1,"flow_first_seen":1490976076042,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976076042,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976076042,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1490976076114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976076114,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="} 
@@ -470,9 +441,6 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976083245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="} 00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1490976083337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976083337,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00525{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00516{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00538{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
@@ -584,8 +552,6 @@ 01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1490976094729,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00155{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","type":35085} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00531{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
00540{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
@@ -606,20 +572,6 @@ 01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1490976101550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976101550,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1490976101623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976101623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1490976107217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1490976107217,"pkt":"AMDKkaPvePiC0\/vCCABFAABFWlxAAEARM1KsECrYrBAqATiMADUAMXUjXSIBAAABAAAAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAE="} 00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -696,19 +648,6 @@ 00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1490976116248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976116248,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1490976116249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976116249,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"} 
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -717,19 +656,6 @@ 00559{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -812,15 +738,8 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1490976139711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139711,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1490976139713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139713,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} 01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -837,31 +756,44 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1490976150126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976150126,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} 00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packets_processed":1,"flow_first_seen":1490976158680,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976158680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976158680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1490976158840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976158840,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1490976158841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976158841,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} 00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -882,8 +814,9 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1490976169729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976169729,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} 00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1490976177026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1490976177026,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWmFAAEARM1GsECrYrBAqARDYADUALXE1hGEBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -912,8 +845,8 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1490976178110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976178110,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1490976178284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976178284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1490976180796,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1490976180796,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packets_processed":1,"flow_first_seen":1490976186164,"flow_last_seen":1490976186164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1001,14 +934,14 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1490976196075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976196075,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00889{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS 
cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packets_processed":1,"flow_first_seen":1490976196223,"flow_last_seen":1490976196223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196223,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1490976196223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196223,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1490976196257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196257,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} 
@@ -1043,10 +976,33 @@ 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1064,19 +1020,48 @@ 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1085,16 +1070,31 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","total-events-serialized":1099} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out index 1edd8b727..66eb510bb 100644 --- a/test/results/among_us.pcap.out +++ b/test/results/among_us.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"ts_msec":946681200000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 
00575{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}} diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out index 046a4e6ee..43c159ab8 100644 --- a/test/results/amqp.pcap.out +++ b/test/results/amqp.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 
00572{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}} diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out index 4558dd6f9..dc41dd698 100644 --- a/test/results/android.pcap.out +++ b/test/results/android.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -24,12 +24,6 @@ 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1582454796360,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454796360,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} 00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454823029,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454823029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454823029,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\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"} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1582454823653,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 
@@ -325,10 +319,16 @@ 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="} 00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":180000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out index a49d4ff54..f83918af5 100644 --- a/test/results/anyconnect-vpn.pcap.out +++ b/test/results/anyconnect-vpn.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} 
@@ -154,8 +154,6 @@ 00747{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1569687261054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1569687261054,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"} 00748{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00639{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
00650{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -296,7 +294,6 @@ 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1569687270740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687270740,"pkt":"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"} 00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}} 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1569687271101,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1569687271101,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569687271335,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1569687271764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687271764,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="} 00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -319,6 +316,8 @@ 00556{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
@@ -360,6 +359,7 @@ 00577{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out index 9d57a37a4..9d366d295 100644 --- a/test/results/anydesk-2.pcap.out +++ b/test/results/anydesk-2.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 
00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out index 4f7b98a0f..e3e681123 100644 --- a/test/results/anydesk.pcap.out +++ b/test/results/anydesk.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"} diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out index e60e34748..08ea39ca6 100644 --- a/test/results/avast_securedns.pcapng.out +++ b/test/results/avast_securedns.pcapng.out 
@@ -1,4 +1,4 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625215624443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625215624443,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVAST SecureDNS","breed":"Safe","category":"Network"}} diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out index 9b96003fc..53c558eeb 100644 --- a/test/results/bad-dns-traffic.pcap.out +++ b/test/results/bad-dns-traffic.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486012623234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012623234,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out index 8168d822a..e21e45fdb 100644 --- a/test/results/badpackets.pcap.out +++ b/test/results/badpackets.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00646{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"ts_msec":1495451029466,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00175{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237} 
00690{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"ts_msec":1495451030401,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="} diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out index dd3f42a35..e7005d4bc 100644 --- a/test/results/bitcoin.pcap.out +++ b/test/results/bitcoin.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"} diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out index ea29a5a79..6f7700d6e 100644 --- a/test/results/bittorrent.pcap.out +++ b/test/results/bittorrent.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 00719{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} diff --git a/test/results/bittorrent_ip.pcap.out b/test/results/bittorrent_ip.pcap.out index 2d60e4008..805db733f 100644 --- a/test/results/bittorrent_ip.pcap.out +++ b/test/results/bittorrent_ip.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1492508985380,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"ts_msec":1492508985380,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508985380,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYlAADUGywC5OBQkCgAADtGOiNaC0hsOOk8HpoAQAQ9pDwAAAQEICnOGuIMAaon5wq2wH+fJAB37WaFc0xGrpC62Mk25YlmPUd6ck3UOPlnlmaLDK5iccRQxV6Lrpsvp\/uuH07fwJI5d7\/2xQsXKRbbf\/dZsog8rfXyOu4oWkiFqn16z1YOEpNojRPpe7v7oH86SIuoL3dpLCw3AXEVUNxwx2S7LDL5\/rfeDM8+Bcl\/\/R8Opw8m+od\/En5GEEzZ3xGrHEqfzxOcCFet4txleRVwSMtJGmJGEZlxnSc9bQojqyP8G3\/vCd1PweWLboTk+NjSajTAv1YG+aTAyluKRr0qFOpDKQmC3IVqzr4W9DmG3o93pWPJfaiwZdc0LXafyZIup0T3O+0SD+1KX\/MXVxLlbkrHIObYhG0KRzwzkIiO\/HR3aqzKcLzpGqVYzgATNkx6loBM2zXf8m\/XhjwgHW\/CGReGZFPmB8J6GzYgFDRMMKktYU5wo0oK4SF13YaHyFNIDAJL3DAyL5r+1U9G1+dr8PIMRJp4\/FwQSe6a94CTR4ZskCkdLrs8tj1RsuwrXTbzvqBJzUsQBm9rJfZm4y9w1pfULJ8D1TYjJjMzSDEl0T6hV8EZ4dmzL6IhYkOgH8tql6Y93Y0ddSoYv324931xWI\/bR1RKV7BANQbXUG2pG0h2KZpa6XgVabRUtP99Tr7\/5gqL\/IS2bD5xlSK1xPITsCAn7s7qmMuBYou\/b61yEnXpRH5c7+HPoOUXeVk4W9oZrQVAXk5BbSMEHW5RfTBUhNP++2i6eHn+vUbuL8UK5lLIATIcvvZI9dlyGFiLHDfDqqIZCrFy3RyOhH2X\/YORdIg7sw\/ndDLMFBseU\/KWeXwePK6mHg0z23nZaHdFSoeEOxwrWY0lgWUBWjSyZYzTSBwlfgqsQztiEM77xdLWOhbIlx8\/nuG0COEMh2y1lyIiYlKLCMQXTS7K\/j1FVuF\/8tvPyElMf3rWajnXt3EqUVmFpQ6LS9QxFLTpgEdeFnf2qL+AmoEuGUjU9kJweI25uL0Z9lzpQhvvCq8wd9I+ftZPKuA6dZ\/k3GrkabkYxGDbzhE5ROw\/DgJVMx8YTocrJYMUrgGEF+p9he2ru4LLtxOeShPq42CbnIGyZfsPr53QY+AEuNN1DHzxtN+wF\/8izHYs9Nm7vOWO5FyqA5I1eXm+bYBqxrutPktuKTr3AfJQHxFyberh\/WGaCmyY1JDhaxqT6lahZjq\/D+h\/+cEW317H+1sg6aF1yFTeoDuELtGhphh\/6RwybG6XySF4DX3+mdR3VpDjIljqG2zlOcw4y9GPTB0vD0AfEp6VvCyFfJDbXcmK3LpFLGEF5msQT5bCRePIl2ts6C5\/K71IHEGDPO2Pna8kfaM4QGJ2FEOm\/xWLLsagIQPw6MSeEcAjjO6xkOeOb7btfefPF4Kqyu4ZO6Dzvgl7z+p4BOxyjwIming13hAtv7syoCsUTcyEZ7qN3Z1aE0wB8ZLg5qK0FPpcYv5DNjm96suA59qoy4XiMdUVp7mB3au2pxK33YcDYQwNH4
vEAMRMnaiZbwUYX7PyP2fmGyj4etY6\/bzsgqteorOb3gC0UWBkYEiO9kyElGbVXiYAbr+cNxxY6pf6owquBKfCW+9gNQM1Gf3JOhOZXrurW533Z43nBgLYv3+V+2tLwZ1ozPyKPrSjCuP15ektq6c1rgVAbemep1fdRC8ScYX38M92H9PR2+eGCsHtEDQpBXk5LKK8TFCIvKYqIOASd2UUU5JBJTDxPo8Dwxaolh1aYwuyIWd2Y0ZZS0MaxB03Gs37ZQEebCoytVUbaQ8N4pKz7QcsA+9kfdLFgkcDGaBaeG2k\/9sjsS9pkJk1hIC0qCshMy5uCV2qA5VPCarO85ASgoheRo5nDYkD5BXNn2XlPP\/DEADBYv466aYqeaVlkvH4VxCi5CTumh0poopX16s9g9P5WDW3G3znJwzFtdiZlOelig10="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492508985380,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h3tAAEAG294KAAAOuTgUJIjW0Y46TwemgtIgtoAQCI+fXQAAAQEICgBqiw9zhriD"} diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out index a0010d2f6..feae21b63 100644 --- a/test/results/bittorrent_utp.pcap.out +++ b/test/results/bittorrent_utp.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1456385034843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1456385034843,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out index 287073d24..57f59d292 100644 --- a/test/results/bt_search.pcap.out +++ b/test/results/bt_search.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430752225251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1430752225251,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out index c0ea33f07..e0465092c 100644 --- a/test/results/capwap.pcap.out +++ b/test/results/capwap.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1422328949167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1422328949167,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 
00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out index f7774f9a1..5423b7d75 100644 --- a/test/results/cassandra.pcap.out +++ b/test/results/cassandra.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out index 728df3389..81c90adda 100644 --- a/test/results/check_mk_new.pcap.out +++ b/test/results/check_mk_new.pcap.out 
@@ -1,4 +1,4 @@ -00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out index 3bd17d2bb..b84ed2024 100644 --- a/test/results/chrome.pcap.out +++ b/test/results/chrome.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index 31e7dea58..c9bc570f1 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1333957710293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1333957710293,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 
00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}} diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out index 251c15fcc..79fcdbf48 100644 --- a/test/results/cpha.pcap.out +++ b/test/results/cpha.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00405{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":96,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":96,"pkt_l4_len":0,"ts_msec":1603354463286,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","type":33024} 00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","total-events-serialized":4} diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out index 817ff70fd..a00ecb706 100644 --- a/test/results/dcerpc.pcap.out +++ b/test/results/dcerpc.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1602860709979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}} 
diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out index 0515ffb2c..b1303777c 100644 --- a/test/results/diameter.pcap.out +++ b/test/results/diameter.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"ts_msec":1263278878271,"pkt":"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"} 
00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out index b69657d19..b42e88f65 100644 --- a/test/results/dlt_ppp.pcap.out +++ b/test/results/dlt_ppp.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 01937{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"ts_msec":1031,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboL
bmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} 00149{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33} 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","total-events-serialized":4} diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out index 01d286cf1..bb42ba5f5 100644 --- a/test/results/dnp3.pcap.out +++ b/test/results/dnp3.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out index af89eb801..89cd877e5 100644 --- a/test/results/dns-tunnel-iodine.pcap.out +++ b/test/results/dns-tunnel-iodine.pcap.out 
@@ -1,4 +1,4 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out index 0b7e588ee..3bae4668b 100644 --- a/test/results/dns_ambiguous_names.pcap.out +++ b/test/results/dns_ambiguous_names.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625744123717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1625744123717,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out index f2c76455b..9ee0f525b 100644 --- a/test/results/dns_doh.pcap.out +++ b/test/results/dns_doh.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out index 0dcfb44a4..4e585f029 100644 --- a/test/results/dns_dot.pcap.out +++ b/test/results/dns_dot.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out index 57a363b95..17f97719c 100644 --- a/test/results/dns_exfiltration.pcap.out +++ b/test/results/dns_exfiltration.pcap.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out index 397277406..d0420620f 100644 --- a/test/results/dns_fragmented.pcap.out +++ b/test/results/dns_fragmented.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1558968008021,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out index c780fa7ad..fc3b94e0d 100644 --- a/test/results/dns_long_domainname.pcap.out +++ b/test/results/dns_long_domainname.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1599686652555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1599686652555,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out index bb2ecb2da..65ef946f3 100644 --- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,4 +1,4 @@ -00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out index bcff9efc4..c26ff468e 100644 --- a/test/results/dnscrypt-v2-doh.pcap.out 
+++ b/test/results/dnscrypt-v2-doh.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out index 5a9905b47..1d16dde88 100644 --- a/test/results/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/dnscrypt_skype_false_positive.pcapng.out 
@@ -1,4 +1,4 @@ -00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625015363846,"flow_last_seen":1625015363846,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":1625015363846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625015363846,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":1625015363846,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625015363881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1625015363881,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} 
diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out index 74891f2c5..1175b30d1 100644 --- a/test/results/doq.pcapng.out +++ b/test/results/doq.pcapng.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1606056093199,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1606056093199,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWg
s8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out index 81a0dbc9a..e46066d14 100644 --- a/test/results/doq_adguard.pcapng.out +++ b/test/results/doq_adguard.pcapng.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1608278425043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"ts_msec":1608278425043,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEM
e6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} 00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out index 36c661a69..d36170ef1 100644 --- a/test/results/dos_win98_smb_netbeui.pcap.out +++ b/test/results/dos_win98_smb_netbeui.pcap.out 
@@ -1,4 +1,4 @@ -00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409796586,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409796586,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="} diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out index bd2877134..cdf564999 100644 
--- a/test/results/drda_db2.pcap.out +++ b/test/results/drda_db2.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out index 2df7ae5f5..2219c0cec 100644 --- a/test/results/dropbox.pcap.out +++ b/test/results/dropbox.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out index 4990e3be0..1fb4f1f23 100644 --- a/test/results/dtls.pcap.out +++ b/test/results/dtls.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1545143424891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out index 06918a8f3..3e1e769b4 100644 --- a/test/results/dtls2.pcap.out +++ b/test/results/dtls2.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507911659748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1507911659748,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out index d5c0a1345..c85700392 100644 --- a/test/results/dtls_certificate_fragments.pcap.out +++ b/test/results/dtls_certificate_fragments.pcap.out 
@@ -1,4 +1,4 @@ -00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1556606275726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"ts_msec":1556606275726,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out index 9d1b4af9e..4560f0770 100644 --- a/test/results/dtls_session_id_and_coockie_both.pcap.out 
+++ b/test/results/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,4 +1,4 @@ -00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388499775,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1592388499775,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out index 89e6372bd..f2f2d71e4 100644 --- a/test/results/encrypted_sni.pcap.out +++ b/test/results/encrypted_sni.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out index 1e49d5966..85a7e9f23 100644 --- a/test/results/ethereum.pcap.out +++ b/test/results/ethereum.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578508362274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508362274,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out index 0c56acd78..a3cc22653 100644 --- a/test/results/exe_download.pcap.out +++ b/test/results/exe_download.pcap.out 
@@ -1,4 +1,4 @@ -00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out index 3006facc4..9fbbdea29 100644 --- a/test/results/exe_download_as_png.pcap.out +++ b/test/results/exe_download_as_png.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out index a4b2b05c9..82852a24d 100644 --- a/test/results/facebook.pcap.out +++ b/test/results/facebook.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out index 4cb810527..cf0e738e1 100644 --- a/test/results/firefox.pcap.out +++ b/test/results/firefox.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out index 12e27a994..d176539b2 100644 --- a/test/results/fix.pcap.out +++ b/test/results/fix.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}} diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out index 115e70055..8b75517fd 100644 --- a/test/results/forticlient.pcap.out +++ b/test/results/forticlient.pcap.out 
@@ -1,4 +1,4 @@ -00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out index b5773c20d..ea92dd659 100644 --- a/test/results/ftp-start-tls.pcap.out +++ b/test/results/ftp-start-tls.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 1c3d51402..543b7bee9 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out index e61d412bb..90a8e0a72 100644 --- a/test/results/ftp_failed.pcap.out +++ b/test/results/ftp_failed.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out index adff1a32f..bde09bc56 100644 --- a/test/results/genshin-impact.pcap.out +++ b/test/results/genshin-impact.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1615497372822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1615497372822,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out index 42861767b..ac87e5ab2 100644 --- a/test/results/git.pcap.out +++ b/test/results/git.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out index 96fb29d10..902882da3 100644 --- a/test/results/google_ssl.pcap.out +++ b/test/results/google_ssl.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out index 3c9f073d1..0a55bc6ec 100644 --- a/test/results/googledns_android10.pcap.out +++ b/test/results/googledns_android10.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} 
@@ -29,10 +29,6 @@ 00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"entropy":5.297900,"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1592552827440,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1592552827440,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1592552828402,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1592552828402,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552846987,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552846987,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552846987,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552846987,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552871852,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1592552871941,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"} 
@@ -42,11 +38,15 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"} 00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying 
HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":208,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1592552889402,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00533{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552889402,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":224,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552901352,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": 
{"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552901352,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="} 
@@ -54,7 +54,7 @@ 00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00885{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
01187{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":325,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1592553019012,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00169{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","total-events-serialized":59} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out index 39d24e988..16d137fa6 100644 --- a/test/results/gquic.pcap.out +++ b/test/results/gquic.pcap.out 
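Review bot: The `01187` detection-update record kept as context in this hunk (flow 8, packet 298) carries the key `issuerDN` twice inside `tls`, and the second value (`C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google`) reads like the certificate subject rather than the issuer. Regenerating the expectation file pins that output as correct, although parsers differ on which duplicate wins: a consumer that keeps the last one loses the real issuer (`CN=GTS CA 1O1`) and records the subject as the issuer. The serializer is not part of this diff, so this is inferred from the output alone. If the second field is the subject, it should be emitted under its own key, e.g. `"subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google"`, and this expectation regenerated.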
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591876186378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1591876186378,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCE
TmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} 00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}} diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out index bec7a3025..1128fd5b9 100644 --- a/test/results/h323-overflow.pcap.out +++ b/test/results/h323-overflow.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} 
00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out index 7a6c40e52..0628cd1f9 100644 --- a/test/results/hangout.pcap.out +++ b/test/results/hangout.pcap.out 
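Review bot: The init event's `tcp-max-idle-time` now reads 7560000, but the TCP flow events in this same fixture (the `new`, `packet-flow` and `guessed` lines) still report `flow_idle_time` 7440000, so the advertised setting does not match what a consumer sees per flow. The UDP fixtures do agree: gquic.pcap.out shows `udp-max-idle-time` 180000 and `flow_idle_time` 180000. It looks as if the init value adds the post-FIN/RST timeout mentioned in the commit message to the idle timeout (7440000 + 120000), though the emitting code is not visible in this diff. If that is the case, I would report the two settings under separate keys in the init event, or document the sum in the event schema, so that collectors which size their flow-state expiry from the init event do not use the wrong figure. The same init-line change repeats in every fixture touched by this commit.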
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1468516947751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1468516947751,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="} 00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out index e4245c3e6..274597961 100644 --- a/test/results/hpvirtgrp.pcap.out +++ b/test/results/hpvirtgrp.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out index 18796e539..8ab9287ce 100644 --- a/test/results/http-crash-content-disposition.pcap.out +++ b/test/results/http-crash-content-disposition.pcap.out 
@@ -1,4 +1,4 @@ -00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1492518365663,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","type":12} 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1492518365767,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 
diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out index ab98035ea..e604ec15a 100644 --- a/test/results/http-lines-split.pcap.out +++ b/test/results/http-lines-split.pcap.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out index c65b1a9b9..46daeee79 100644 --- a/test/results/http-manipulated.pcap.out +++ b/test/results/http-manipulated.pcap.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out index b7044b990..2ff6269cf 100644 --- a/test/results/http_auth.pcap.out +++ b/test/results/http_auth.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out index 4bca92fcd..8df04a9b2 100644 --- a/test/results/http_ipv6.pcap.out +++ b/test/results/http_ipv6.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index f8db0836b..2bb93d39a 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} 
@@ -9,31 +9,31 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} 00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992435817,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} 00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992546671,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992546671,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} 00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992650189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992650189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992710190,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} 
00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1219992804345,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} 00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992852463,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1219992909959,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992935396,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","total-events-serialized":38} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out index ca8494e27..1b0d9a668 100644 --- a/test/results/imaps.pcap.out +++ b/test/results/imaps.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out index 190f1ef45..ad2444476 100644 --- a/test/results/instagram.pcap.out +++ b/test/results/instagram.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -114,13 +114,6 @@ 01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1436720908719,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1436720908719,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"} 
02359{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprDfFP7rjD
tjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720942507,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/AMS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EX
ZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1436720942508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720942508,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"} 
@@ -156,8 +149,12 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -170,6 +167,8 @@ 00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -177,6 +176,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} @@ -237,7 +237,7 @@ ~~ total layer4 data length..: 2699527 bytes ~~ total detected protocols..: 25 ~~ total active/idle flows...: 38/38 -~~ total timeout flows.......: 10 +~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ total memory allocated....: 2709740 bytes ~~ total memory freed........: 2709740 bytes diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out index 2b96de930..8934d37c2 100644 --- a/test/results/ip_fragmented_garbage.pcap.out +++ b/test/results/ip_fragmented_garbage.pcap.out 
@@ -1,4 +1,4 @@ -00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 
00357{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="} diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out index 44a718afb..4ef8ab215 100644 --- a/test/results/iphone.pcap.out +++ b/test/results/iphone.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454552576,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454552576,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\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"} 
00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out index c8beb6bed..a48777717 100644 --- a/test/results/ipv6_in_gtp.pcap.out +++ b/test/results/ipv6_in_gtp.pcap.out 
@@ -1,4 +1,4 @@ -00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00487{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"ts_msec":1536839120404,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} 00152{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","type":33024} 
00510{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"ts_msec":1536840494424,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out index d4ea23287..b7baff277 100644 --- a/test/results/irc.pcap.out +++ b/test/results/irc.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out index 7a52f35d9..337a060ed 100644 --- a/test/results/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites.pcap.out 
@@ -1,4 +1,4 @@ -00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"ts_msec":1557818846743,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00166{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","type":33024} 00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"ts_msec":1557818846744,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAADQAAEAAPQZjHQrOQfkKzoMSAbvlIcEFrEzOLtYBgBI5CGLyAAACBAW0AQEEAgEDAwc="} 
diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out index d1c88bb4f..d1ce899a5 100644 --- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,4 +1,4 @@ -00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00213{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":114,"len":118} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out index 205be9971..92019706a 100644 --- a/test/results/kerberos.pcap.out +++ b/test/results/kerberos.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out index 04cc8500d..2ae22b558 100644 --- a/test/results/long_tls_certificate.pcap.out +++ b/test/results/long_tls_certificate.pcap.out 
@@ -1,4 +1,4 @@ -00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1609756181300,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1609756181300,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out index 418d56127..1e3095652 100644 --- a/test/results/malformed_dns.pcap.out +++ b/test/results/malformed_dns.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_dns.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_dns.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591551760342,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1591551760342,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 
00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out index 750709112..f103423a1 100644 --- a/test/results/malformed_icmp.pcap.out +++ b/test/results/malformed_icmp.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_icmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_icmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00527{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593066612951,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"ts_msec":1593066612951,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 
00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index 166783b9c..7fead6e6a 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569571466977,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1569571466977,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 
00714{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out index e5c80f2f5..9ca394d0a 100644 --- a/test/results/memcached.cap.out +++ b/test/results/memcached.cap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out index f50640149..bb4a3ff85 100644 --- a/test/results/modbus.pcap.out +++ b/test/results/modbus.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 
00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out index ec8205708..909d1016f 100644 --- a/test/results/monero.pcap.out +++ b/test/results/monero.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out index df67bb374..65bafe091 100644 --- a/test/results/mongodb.pcap.out +++ b/test/results/mongodb.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00392{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","type":33024} 00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out index a97b06ebc..4a1bcdf2c 100644 --- a/test/results/mpeg.pcap.out 
+++ b/test/results/mpeg.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out index 79e0b17b0..b3a1ef519 100644 --- a/test/results/mpegts.pcap.out +++ b/test/results/mpegts.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpegts.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpegts.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 02616{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1362,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1362,"pkt_l4_len":0,"ts_msec":1435209297954,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0A
Z4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","type":33024} 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","total-events-serialized":4} diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out index 146a64f17..67ea1e44a 100644 --- a/test/results/mssql_tds.pcap.out 
+++ b/test/results/mssql_tds.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out index 914e536d5..ce813c7e0 100644 --- a/test/results/mysql-8.pcap.out +++ b/test/results/mysql-8.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mysql-8.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mysql-8.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946708780103,"flow_last_seen":946708780103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":946708780103,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out index d2d8b7b5f..3964ceb92 100644 --- a/test/results/nats.pcap.out +++ b/test/results/nats.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nats.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nats.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 00173{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","datalink":0,"header":33554432} 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out index b6774c4c3..d6661f8dc 100644 
--- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,35 +1,30 @@ -00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"ts_msec":1258162014576,"pkt":"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"} 00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 
00968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":5,"flow_first_seen":1258162014557,"flow_last_seen":1258162020091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1258162069942,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1258162069942,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1258162069942,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258162069942,"pkt":"AFBWmXinAB9to6gACABFAAAoNV1AADwGYqMKAwkTCkSJdp64H5sCrVUelwIr\/FARwhBt1QAAAAAAAAAA"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1258162069942,"pkt":"AAAMB6wcbVBWmXinCABFAAAoQ29AAIAGEJEKRIl2CgMJEx+bnriXAiv8Aq1VH1BQ9oqm6gAA"} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1258162069942,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1258162069942,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1258165452647,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258165452647,"pkt":"AAAMB6wcAFBWmXinCABFAAA0LcAAAIAGZjQKRIl2CgMJEx+bnrjjt2XlI9vFB4AS+vA0cwACAgQFtAEDAwABAQQC"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1258165452652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAAoGsxAADwGfTQKAwkTCkSJdp64H5sj28UH47dl5lAQwhBWHwAAAAAAAAAA"} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":7,"flow_first_seen":1258162014557,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1258165452647,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258165452647,"pkt":"AAAMB6wcAFBWmXinCABFAAA0LcAAAIAGZjQKRIl2CgMJEx+bnrjjt2XlI9vFB4AS+vA0cwACAgQFtAEDAwABAQQC"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1258165452652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAAoGsxAADwGfTQKAwkTCkSJdp64H5sj28UH47dl5lAQwhBWHwAAAAAAAAAA"} 01077{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"ts_msec":1258165452669,"pkt":"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"} 00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload 
detection failed","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542} -01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1258165452676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":739,"pkt_l4_len":705,"ts_msec":1258165452676,"pkt":"AAAMB6wcAFBWmXinCABFAALVLctAAIAGI4gKRIl2CgMJEx+bnrjjt2XmI9vHEVAY+OaplwAASFdUUC8xLjEgNTAwIElucGVybmFsIFNlcnZlciBFcnJvcg0KRGF0ZTogU2F0LCAxNCBOb3YgMjAwOSAwMjoyNDo0OCBHTVQNClNlcnZlcjogU3VuIEdsYXNzRmlzaCBFbnRlcnByaXNlIFNlcnZlciB2Mi4xDQpYLVBvd2VyZWQtQnk6IFNlcnZsZXQvMi41DQpDb250ZW50LVR5cGU6IHRleHQveG1sO2NoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1MZW5ndGg6IDQ1Nw0KQ2+4bmVjdGlvbjogY2xvc2UNCg0KPD94bWwgdmVyc2l\/bj0iMS4wIiA\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"} -00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00187{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","total-events-serialized":21} +01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1258165452676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":739,"pkt_l4_len":705,"ts_msec":1258165452676,"pkt":"AAAMB6wcAFBWmXinCABFAALVLctAAIAGI4gKRIl2CgMJEx+bnrjjt2XmI9vHEVAY+OaplwAASFdUUC8xLjEgNTAwIElucGVybmFsIFNlcnZlciBFcnJvcg0KRGF0ZTogU2F0LCAxNCBOb3YgMjAwOSAwMjoyNDo0OCBHTVQNClNlcnZlcjogU3VuIEdsYXNzRmlzaCBFbnRlcnByaXNlIFNlcnZlciB2Mi4xDQpYLVBvd2VyZWQtQnk6IFNlcnZsZXQvMi41DQpDb250ZW50LVR5cGU6IHRleHQveG1sO2NoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1MZW5ndGg6IDQ1Nw0KQ2+4bmVjdGlvbjogY2xvc2UNCg0KPD94bWwgdmVyc2l\/bj0iMS4wIiA\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"} 
+00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00187{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","total-events-serialized":16} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/13 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2179 bytes ~~ total detected protocols..: 1 -~~ total active/idle flows...: 3/3 +~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1933881 bytes -~~ total memory freed........: 1933881 bytes -~~ total allocations/frees...: 35362/35362 +~~ total memory allocated....: 1932265 bytes +~~ total memory freed........: 1932265 bytes +~~ total 
allocations/frees...: 35359/35359 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 192 chars ~~ json string max len.......: 1987 chars diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index 4108f9f78..6a3b8af5a 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536712992228,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 
@@ -26,10 +26,10 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1536714610314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536714610314,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1536714610318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536714610318,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"} 00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}} 
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":264,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714675238,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":264,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714675238,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":264,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1536714675238,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":264,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1536714675238,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714795365,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -55,9 +55,9 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1536716409908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536716409908,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1536716409910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536716409910,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"} 00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}} 
-00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":533,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1536716472378,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":533,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1536716472378,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":533,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536716472378,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716592513,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -78,8 +78,8 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1536717450156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536717450156,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1536717450159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536717450159,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} 00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":699,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1536717512531,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":699,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1536717512531,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717632701,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -87,7 +87,7 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1536718053062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718053062,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} 00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":771,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536718115791,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536718175913,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1536718202959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536718202959,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00731{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -108,9 +108,9 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1536718209383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718209383,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1536718209385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718209385,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"} 00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}} 
-00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":882,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1536718271977,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":882,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1536718271977,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":882,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536718271977,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718392321,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out index afe0945ea..a4320fd13 100644 --- a/test/results/netbios.pcap.out +++ b/test/results/netbios.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1447772210350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772210350,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}} diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out index 12a4525ff..ee93f8a40 100644 --- a/test/results/netbios_wildcard_dns_query.pcap.out +++ b/test/results/netbios_wildcard_dns_query.pcap.out 
@@ -1,4 +1,4 @@ -00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597866040493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1597866040493,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out index ce1f3c984..a341a35ee 100644 --- a/test/results/netflix.pcap.out +++ b/test/results/netflix.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1484319030789,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319030789,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -236,7 +236,6 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"} 00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1554,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1484319060841,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":1,"flow_first_seen":1484319064590,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064590,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319064590,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":1,"flow_first_seen":1484319064593,"flow_last_seen":1484319064593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064593,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -278,44 +277,11 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1484319070655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319070655,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1484319070656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319070656,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"} 01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; 
en_us)"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2519,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1484319070864,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2519,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319070864,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2519,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319070864,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"ts_msec":1484319080893,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1484319080893,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319080893,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1484319090903,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1484319091296,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319091296,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319091296,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1484319091309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319091309,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1484319091310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319091310,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"} 01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1484319100912,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6075,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1484319110920,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6075,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1484319110920,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1484319114365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="} 00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -381,8 +347,21 @@ 00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -390,6 +369,9 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -400,9 +382,27 @@ 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","total-events-serialized":408} diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out index 0ae057556..8fdaaa980 100644 --- a/test/results/netflow-fritz.pcap.out +++ b/test/results/netflow-fritz.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflow-fritz.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflow-fritz.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1498072707863,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1498072707863,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}} diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out index f878037ff..b42b7a220 100644 --- a/test/results/netflowv9.pcap.out +++ b/test/results/netflowv9.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflowv9.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflowv9.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAA
AAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out index b45fcf194..3296e39eb 100644 --- a/test/results/nintendo.pcap.out +++ b/test/results/nintendo.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nintendo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nintendo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1500731320644,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320644,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 
00581{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}} diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out index ba9de2029..0c8edf4eb 100644 --- a/test/results/no_sni.pcap.out +++ b/test/results/no_sni.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"no_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"no_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1604822444474,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1604822444475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"} diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out index 3d93b1b21..88559a210 100644 --- a/test/results/ocs.pcap.out +++ b/test/results/ocs.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00347{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","type":12} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":63,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":63,"pkt_l4_len":0,"ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index a313b9853..1116ecf7a 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ookla.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ookla.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1491069108756,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491069108756,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -9,8 +9,8 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1491069115144,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491069115144,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"} 00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Ookla","breed":"Safe","category":"Network"}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4021,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1491069139040,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","total-events-serialized":14} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5086/5086 
diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out
index d6d31c491..b949bfe27 100644
--- a/test/results/openvpn.pcap.out
+++ b/test/results/openvpn.pcap.out
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"openvpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"openvpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1467904946700,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1467904946700,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out index 9671d7ff0..d2f9d7460 100644 --- a/test/results/os_detected.pcapng.out +++ b/test/results/os_detected.pcapng.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"os_detected.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"os_detected.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1611427514609,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1611427514609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9N
NdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} 00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out index 17f87f9e9..c54759420 100644 --- a/test/results/pinterest.pcap.out +++ b/test/results/pinterest.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pinterest.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pinterest.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1605289710318,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289710318,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289710318,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289710576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out index ad0cdf304..d2080409d 100644 --- a/test/results/pps.pcap.out +++ b/test/results/pps.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1467353136432,"flow_last_seen":1467353136432,"flow_idle_time":180000,"flow_min_l4_payload_len":1065,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":1065,"midstream":0,"ts_msec":1467353136432,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467353136432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"ts_msec":1467353136432,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467353136432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1467353136432,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="} 
@@ -227,8 +227,6 @@ 00985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"ts_msec":1467353157509,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\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"} 01003{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} 
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353157533,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00587{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353157718,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353157718,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"ts_msec":1467353157718,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1467353158696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353158696,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -304,7 +302,6 @@ 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1467353187172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353187172,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353189325,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} 
00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}} 
@@ -427,6 +424,8 @@ 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -505,6 +504,7 @@ 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/ps_vue.pcap.out b/test/results/ps_vue.pcap.out index 280757d5a..9b091bab9 100644 --- a/test/results/ps_vue.pcap.out +++ b/test/results/ps_vue.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ps_vue.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ps_vue.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1568831054386,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1318,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":1318,"flow_avg_l4_payload_len":1318,"midstream":1,"ts_msec":1568831054386,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"ts_msec":1568831054386,"pkt":"QJkivOG5AKC8brI7CABFaAVOJd8AADQGjbAI\/AKLwKgBhABQ5z6u3wY0Ay5J4VAQgjL2BgAAKErv4VCv5XHq3VugakpTkhrL+kb9dEp7ZqV8OhbiblbF4ucSVzx\/MP1oilcz0crd02QqcE8+devTItKmafCbWnAwE\/9DOgi7ce43g2BD\/nJGwrypV0n\/lpKlZCPvunYTTeqjhwGKc6502l87Xs+zfJVWBneqtMKdkFu9Luvy+dyqO7rHnCabtAWrpEy0TRcv6LTWKIFUotAIaLkmY7WgSmFIZ62TK8CnvaxwDwzYvJ5ZjQiFN8X5DxilG\/df4sIjuAdwJhNDFhHUfzAE+UueG\/lVfoML5Xk9w+TPsk3F5uGAaPkC86EBn82kkWRI6MGF8SyydVvt5HnewuoCF8DHruY5qPlbl5yLGmUCy6LuKc8s6KM27nygc3Bte7e7XAKflW8Wcvmd0+7YASMoWJ\/SESHwJfo+tjoKQJDCuUg0eYkktG8s\/htBFaRrrEIIIogo1I1rceufguXuUufTPlgB4e4clivmC\/NVWuNR4Wlwc23B3RImV9O2fDK8pRwdsflldfN+2wrlemyOmIEW44MXIVRj4Jx0AiJHgrkz1UzanBUfeGRbpCbnANXha\/D+RxGqI9Y56kLfgbJA9toJuDdEp381WrPm4dk\/35T1ydquleaKrCQ4GUMJvemfq4+2BDWl9ZtzetW\/B52p73A\/IWp9\/JZFCoDaxRJxW2x+nAmeXg4dqTNcnSkj6r0ZKGpEmQibRROebc4N\/OonXc34WkAxZUnA1lC9DEfcItjHPS5bD37cnbpH0gQpDyjOpktkp2UlMdh3PUqigdjHcpUokGd4mAs+\/YFOJPQYT3L5Unc7NDJXghAQbx2nr+oAPx57SB2pRpLcQeD0J57sEpedBQn4XuPnJzaT3OIKdVjZBmwQsn6OHZjEK0I+7BC1eT+jxrPCCQKfpdarqx0mvDgQYWl9uo48EyOvlFkhXjzwZ\/g0nNk9VvOJk9J0L3HSGeXT5\/gmBR6HQc0jiTIlo7hsvOPQ3KzYvH0dkO6gGhTpZwbviYuyiUwG5\/Cp\/e2WVNyZPfnGcN5Yq8w9HkqxHdyOS\/V+K2Nr+z\/t9oTBcSlldci4yuZPSv54jSSzyl3XBHOkOKXk2uUGuEDrbGYDWDjiFbdv1FyP59FHXvE3S1kPDwZrclBqLVjCjaLRSpmxaO1vC1mUHsA9VdUzyhj6QCrLBTQmgQihfCEu5hhGU+ion9NQlLrK9oTWfzfxnTcAEZ5yGWkanmygLm+9oYrRVZ1F4Jvwb0tE+fDeLs7wGIQyOmoBn+nQCxSGP5d2AHoe92SDjy1zgLy7so5DxG+8kuTVKra\/VLGpeSv2BMHOhHwp+IbvaRN9HIXUwkF9r83JbUly94XxqcakWod6a1mV\/LGqgeo3kxq1FxWfhMN8rjVKFZGzFJ6mX2\/YZXsaSJZjewY6Cu2UYcvpY\/FkSF0lYeAQdYHKmAcZsWkEdMu300Gbvn2i0tmmx+0Pfx0fG70baFTfErZgkBhLstjRnhKlAAv8h\/BrE0FKt0hIVWumNRn+jd40MiH0FOkDtxG4
SoZU5omb184ogJwSJ1DwMEnXaquhJ3BQtsRwGkEeGNf7HTidpttGUz8zz4MqSXh\/sHhtofPp0atPWf22qfpEefudIXIpM5OWo9PlSNER5a99KtuZQYrTPKfXeWMWl2r\/veNAfvGyupDsDnRcFsQsCPz\/BLfBLXAKixhxb3aK2FeGHnQ0jNhJL+CcLA+EE3AEmb4MU+e4t50YO+Eu7L+xkGD57kzrugTcmBgrRjBcEA=="} 02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"ts_msec":1568831054386,"pkt":"QJkivOG5AKC8brI7CABFaAVOJeAAADQGja8I\/AKLwKgBhABQ5z6u3wtaAy5J4VAQgjIehwAAVmjXm6oo5VKTUUlxb0W3E81vB9ZxFtPKR4EIgDSzsMZRuBrZPVK+DJqL7elqQHFVnXmO54z2TD4Dj28sHaJvK3ncn6xerjIN7sy9I36\/eZVwP5Cn0qrC8AIkY36VwGWTyBzL7+xIagZlNa3RdzULDJLPoM7D0T0YcEi6MyZXBujPuViaYGsfAbwbgn5b6DYRWR+vA4m5e\/vJZrAW\/bO4lnM1BJsWdGV\/8pd\/FUa\/3fjHFNsT+sPBcZz6Pr9JhudnxHr0rYuSfPsMmCecU46VRczeyiL7GPuOWst16kiLytaPfmw3b1JemKUaLWf0Rhd7tiVMf+y\/xU92Yy8WKPlolDC+\/eoXKonvA6y22W6UVrQQj\/bE6aLoNFWCbKIU5dr\/\/8\/3LL2uDEkYeNu6isLGfN0uRj3j0syq\/3uWBBmJ1HnVgrOeWkVzjv7lh7mcjbm2aVY\/UEDPaGHqh8zm9yJsZvX01bLzllIV9mMdL8yprJYLmavuYMfBWKaAN3U9UQGvKECDlN4z2HO+J4xPvhH9iLqWBk0QkGYyEvJHvbEmgGYw0eiixXhbN61PL3vQszMz94fqlK5pwlcB6VB6WX6b6uBWQe8dUh+NRho\/TQ37e5+A+Gh2Dw+2aiXdKyItQFRaQIXpZvNp5UAOLjzRBJsDz6gL+L0e0Ft\/W+qfc0TfuOzULkgJCEdw2MvcfrnjeNyRqupEjBZ7VEG\/2PUqnoLlpBKavWueOqgdsWHlTk\/70r\/COI\/Gl1\/3TznIXWoErnC6X3PL+X68zzTEJ7Hnq5x2c95lQPmzFya\/bpfdWqx4WzM8awJD5g2lvQc+eqSPoA05rpB8AcIXF9rTPSGtqGjaYy0Btc8vA7gQG8\/5Wu3iN5SY9Ao2+ToNukNfVF5IcKGIL8V+ArUNIPL9bQ9Z7Vg922vlIcv9TsMg929w5q7QEWv\/1TB6gF7LEvo\/bZQBZwabLgVwUBRYTPcY4IYiNuRlgk6wEb3fGZdMxf5Cn8MdzbzHfSl7f2ifhduyGTvWdkVFSSaJMMTDFRh3Qsazze15JppJmOciPxTmUO6Doee7Zo9IwS5y\/MEFNqTe11Hq1tQB1sV8cRFS5yPS+g4NdOqnGEYVPT0YGGGhbjvrV+h7NQE6hzPLeHiqcpcB\/4x2WRwnNJLU4NV0l7Miq8XZJdl++t2uQwMhig32aEu66660GGqxvLiNfVTxzHnAW58k8RPs5R1Xd3elrqRaZXuypABSN8g0qP8atp9wdXFmAJcctJZBbgKspLsXP7kteWGM05W4GK
0LoHcsLFvSHoJ\/wNGLjta9O+jdr1rpfvwHG9SoCfh8jrG9nN0fDkh6IU+sCQTC9vES4Pu3Vth\/t2elcn0yJFisar8rl0RF3rg9qx79lgeRTQxnydxILQw446KDk\/GPez\/zajHb\/6\/pWMcrOQhb0qIFF9cJ\/FhPavhImumyOd7eg9JvHdlByzw+wVWZgjo5gi664xi0E0lvkPN0BuMXnAOfvlyGr0h\/+zwKPH8AL7teqATUH+w6vUQtF+pCPMRfDUp7eadX7iztaCTNtt6VzyVkR\/y2PkT3DZQQJ9R\/dRTOnKuedYFQQIpAyGs2fI5PDSqa2Dx8h4p6rb304eiIRR76+o0\/0pJOOaus6W4DFqvp0xHo+nK7hqgIi+XLyhUT47YdAs7H16OeAnlSXD1GmM\/0zTAkev4sFFwerrPSec73af72KjqmDVr4SSOTm5yIv28qFzzqKQ7fiETThx19Awk29yOa1w=="} diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out index af523a84a..8c4ed9003 100644 --- a/test/results/quic-23.pcap.out +++ b/test/results/quic-23.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-23.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-23.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568282515655,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"ts_msec":1568282515655,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmh
oguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} 00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out index 531cae256..a5b2606cd 100644 --- a/test/results/quic-24.pcap.out +++ b/test/results/quic-24.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-24.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-24.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574209133040,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1574209133040,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtki
OIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} 00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out index 4c4fe60dd..6eb7d3b11 100644 --- a/test/results/quic-27.pcap.out +++ b/test/results/quic-27.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-27.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-27.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388075915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"ts_msec":1592388075915,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oe
zjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} 00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out index 38ad01956..770993d39 100644 --- a/test/results/quic-28.pcap.out +++ b/test/results/quic-28.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-28.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-28.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591267474847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"ts_msec":1591267474847,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9
qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out index ad242175f..63aba5c9a 100644 --- a/test/results/quic-29.pcap.out +++ b/test/results/quic-29.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-29.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-29.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592171671664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1592171671664,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7
ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} 00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out index 8d09f7322..b46c3ad6a 100644 --- a/test/results/quic-33.pcapng.out +++ b/test/results/quic-33.pcapng.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-33.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-33.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1607938456563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1607938456563,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECk
FSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} 00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out index 598317d49..ce3e2b75f 100644 --- a/test/results/quic-mvfst-22.pcap.out +++ b/test/results/quic-mvfst-22.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":24710,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"ts_msec":24710,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79R
aHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out index bce4b50e0..c596095f3 100644 --- a/test/results/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,4 +1,4 @@ -00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 02000{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"ts_msec":1593498296832,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqD
IrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","type":12} 00444{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"ts_msec":1593498296833,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out index 8212c411a..b4cfd7026 100644 --- a/test/results/quic-mvfst-27.pcapng.out +++ b/test/results/quic-mvfst-27.pcapng.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":41432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"ts_msec":41432,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbI
NbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out index 226d8b033..d022c8eb7 100644 --- a/test/results/quic-mvfst-exp.pcap.out +++ b/test/results/quic-mvfst-exp.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600365863681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1600365863681,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzq
ZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} 00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out index 5e539277b..3cf831098 100644 --- a/test/results/quic.pcap.out +++ b/test/results/quic.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431155536815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1431155536815,"pkt":"ZHACjT05eJKcD6iOCABFAAViHYdAAEARqU7AqAFt2DrUZeHpAbsFTjSmDbLeXfFPVUXrUTAyNAE7bomG+Dzzt6arXQUBoAEABENITE8YAAAAUEFEAIcBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQkAgAAU0NJRDQCAABUQ0lEOAIAAFBETUQ8AgAAU1JCRkACAABJQ1NMRAIAAFBVQlNkAgAAU0NMU2gCAABLRVhTbAIAAENPUFRsAgAAQ0NSVIQCAABDR1NUiAIAAElSVFSMAgAAQ0VUVjADAABDRkNXNAMAAFNGQ1c4AwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLW1haWwuZ29vZ2xlLmNvbT0+v6ewgcRvrlDFl4IgCKBtLSXVw73kkvbSDmvcmOf2TBMxulvrGz8yGTFdF5jLNEfrxdDYlT46wVhRMDI0OZ\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}} diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out index 199ba8ed4..5af772cca 100644 --- a/test/results/quic046.pcap.out +++ b/test/results/quic046.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic046.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic046.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584456191933,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1584456191933,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}} diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out index 2534468ae..f0e9fe7e1 100644 --- a/test/results/quic_0RTT.pcap.out +++ b/test/results/quic_0RTT.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603888789791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603888789791,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC
52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} 00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out index f50e6a903..e7f1c6ba5 100644 --- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -1,4 +1,4 @@ -00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1616775370814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/
i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index b0a3687c8..87eb05da6 100644 --- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,4 +1,4 @@ -00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621417111064,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417111064,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg
5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out index 7cbaf0447..bd7f280e4 100644 --- a/test/results/quic_interop_V.pcapng.out +++ b/test/results/quic_interop_V.pcapng.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_interop_V.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_interop_V.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5
xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} 00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out index a085b0750..3de4b7b84 100644 --- a/test/results/quic_q39.pcap.out +++ b/test/results/quic_q39.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q39.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q39.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1509098995610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1509098995610,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00714{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}} diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out index 9ffbeae2c..a9e1ab556 100644 --- a/test/results/quic_q43.pcap.out +++ b/test/results/quic_q43.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q43.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q43.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388060203,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1592388060203,"pkt":"AAAAAAAAAA0A1ZJ\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\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}} diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out index 253e54a3b..3070fb795 100644 --- a/test/results/quic_q46.pcap.out 
+++ b/test/results/quic_q46.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559632338055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1559632338055,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00719{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}} diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out index 1f3ccc750..59e085931 100644 --- a/test/results/quic_q46_b.pcap.out +++ b/test/results/quic_q46_b.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46_b.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46_b.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561708873328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"ts_msec":1561708873328,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00726{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}} diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out index fbada4c55..59eb46362 100644 --- a/test/results/quic_q50.pcap.out +++ b/test/results/quic_q50.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388088469,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1592388088469,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuw
hbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} 00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}} diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out index 24aae7910..06267ae47 100644 --- a/test/results/quic_t50.pcap.out +++ b/test/results/quic_t50.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598618820564,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598618820564,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4
THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} 00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out index 5f2b36c74..9a630cc32 100644 --- a/test/results/quic_t51.pcap.out +++ b/test/results/quic_t51.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t51.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t51.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598620434413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598620434413,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2
545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} 00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}} diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out index a57152d38..300dd0035 100644 --- a/test/results/quickplay.pcap.out +++ b/test/results/quickplay.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
@@ -62,7 +62,6 @@ 01045{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1429000054688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"ts_msec":1429000054688,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\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"} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000054967,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000055158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} 
-00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":54,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1429000075767,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"ts_msec":1429000110390,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"} 00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 
@@ -76,6 +75,7 @@ 01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1429000156273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"ts_msec":1429000156273,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhYpgOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpg
jwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="} 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1429000156459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000156459,"pkt":"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"} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1429000179906,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000207973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\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"} 01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
@@ -91,7 +91,6 @@ 01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1429000350324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"ts_msec":1429000350324,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7iAokGOqW
wh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"} 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1429000350578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000350578,"pkt":"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"} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":148,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"ts_msec":1429000374116,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000375190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYAQEAAPwbqXQo2qfp4HCMoyzYAUPnxUPbwb7kUUBgByReCAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
@@ -110,6 +109,7 @@ 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out index 5e0e6701f..4b8af4cb8 100644 --- a/test/results/rdp.pcap.out +++ b/test/results/rdp.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rdp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rdp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 00172{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","datalink":0,"header":33554432} 00343{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out index dd6a45ea1..746cdece7 100644 --- a/test/results/reasm_crash_anon.pcapng.out 
+++ b/test/results/reasm_crash_anon.pcapng.out 
@@ -1,4 +1,4 @@ -00452{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00452{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
@@ -7,59 +7,35 @@ 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} 00454{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"ts_msec":1410865765920,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86} -00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1410865886320,"flow_last_seen":1410865886320,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1410865886320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865886320,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBn0AAQAbTd8CokZMK0QiUyBJV7zv7ZE3dke2cgBghO1lPAAABAQgKPpwXpjpjpG08ZGV0YWlscyAvPg0K"} 
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1410865886322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"ts_msec":1410865886322,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAGqlKkAAQAYvwwrRCJTAqJGTVe\/IEt2R7Zw7+2RagBgBxSgtAAABAQgKOmQaAT6cF6Y8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lPjUyNzQ5MDc8L3VwdGltZT4KPC9kZXRhaWxzPgo="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1410865886322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410865886322,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBoEAAQAbTg8CokZMK0QiUyBJV7zv7ZFrdke3SgBAhO7t8AAABAQgKPpwXpzpkGgE="} 00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} 
-00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":17,"flow_first_seen":1410865886320,"flow_last_seen":1410865976625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":52,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":17,"flow_first_seen":1410865886320,"flow_last_seen":1410865976625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":52,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1410866006722,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866006722,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBq0AAQAbTa8CokZMK0QiUyBJV7zv7ZIHdkfnIgBghO6BGAAABAQgKPp3t+DplesA8ZGV0YWlscyAvPg0K"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866006722,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBq0AAQAbTa8CokZMK0QiUyBJV7zv7ZIGnkfnIgBghO9ZGAAABAQgKPp3t+DplesA8ZGV0YWlscyAvPg0K"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1410866006724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866006724,"pkt":"AAAAAQAGplhD8kgGAAAIAEUAADQBT0AAQAbT1cCokZMK0QiUyBJV7zv7ZI7dkfn+gBAhOwJ0AAABAQgKPp3t+Tpl8FQ="} 00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866097027,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection 
failed","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":24,"flow_first_seen":1410866006722,"flow_last_seen":1410866157228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":24,"flow_first_seen":1410866006722,"flow_last_seen":1410866157228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1410866187325,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866187325,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBvUAAQAbTWcCokZMK0QiUyBJV7zv7ZM\/dkgwKgBghOwq6AAABAQgKPqCvczpoPDw8ZGV0YWlscyAvPg0K"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866187325,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBvUAAQAbTWcCokZMK0QiUyBJV7zv7ZM\/dkgwKgBghO8q5AAABAQgKPqCvczpoPDw8ZGV0YWlscyAvfg0K"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1410866187327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866187327,"pkt":"AAQAAQAGplhD2wS3AAAIAEUAADQBvkAAQAbTZcCokZMK0QiUyBJV7zv7ZNzdkgxAgBAhO2zmAAABAQgKPqCvdTposdA="} 00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866217426,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection 
failed","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} 00363{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"ts_msec":1410866247530,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20} -00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":19,"flow_first_seen":1410866187325,"flow_last_seen":1410866307731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":867,"flow_avg_l4_payload_len":45,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":19,"flow_first_seen":1410866187325,"flow_last_seen":1410866307731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":867,"flow_avg_l4_payload_len":45,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1410866337831,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866337831,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBzkAAQAbTVcCokZMK0QiUyBJV7zv7ZR3dkh5MgBAhO7jGAAABAQgKPqL7XERq\/bg="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866337831,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBzkAAQAbTVcCokZMK0QiUyBJV7zv7ZR3dkh5MgBB6O2mDAAABAQgKPqL7XDqt\/bg="} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1410866367928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866367928,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBz0AAQAbTR8CokZMK0QiUyBJV7zv7ZR3dkh5MgBghO3RyAAABAQgKPqNw7jpq\/bg8ZGV0YWlscyDqPg0K"} 00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866428129,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} 00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} 
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":108,"flow_first_seen":1410866337831,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":108,"flow_first_seen":1410866337831,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","total-events-serialized":50} 
+00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","total-events-serialized":26} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/200 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 6327 bytes ~~ total detected protocols..: 0 -~~ total active/idle flows...: 5/5 +~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1957639 bytes -~~ total memory freed........: 1957639 bytes -~~ total allocations/frees...: 35558/35558 +~~ total memory allocated....: 1942983 bytes +~~ total memory freed........: 1942983 bytes +~~ total allocations/frees...: 35542/35542 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 173 chars -~~ json string max len.......: 593 chars +~~ json string max len.......: 594 chars ~~ json string avg len.......: 386 chars diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out index 2e1176d8e..b7292d540 100644 --- a/test/results/reasm_segv_anon.pcapng.out +++ b/test/results/reasm_segv_anon.pcapng.out 
@@ -1,4 +1,4 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00198{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","caplen":106,"len":110} 
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out index 0b67320ff..3bf3528bd 100644 --- a/test/results/reddit.pcap.out +++ b/test/results/reddit.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reddit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reddit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out index 3a42d9501..9395c0b8b 100644 --- a/test/results/rtsp.pcap.out +++ b/test/results/rtsp.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
@@ -9,13 +9,12 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":97,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567337246,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":185,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1627567397145,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":185,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567397145,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 
@@ -26,39 +25,34 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":92,"flow_first_seen":1627567406342,"flow_last_seen":1627567407043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10708,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAALxXhEAAgAaLqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAALxXhEAAgAaLqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":204,"pkt_l4_len":168,"ts_msec":1627567465366,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAALxXhEAAfwaMqQoBAQoKAgICzP4hahoxgovxx02FUBgEATbGAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiAzMmZhZWM5Yjc4Zjg0ZjkNCg0K"} -00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard 
port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":12,"flow_first_seen":1627567465366,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","total-events-serialized":50} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","total-events-serialized":44} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 67396 bytes -~~ total detected protocols..: 8 -~~ total active/idle flows...: 8/8 +~~ total detected protocols..: 7 +~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1972396 bytes -~~ total memory freed........: 1972396 bytes -~~ total allocations/frees...: 35937/35937 +~~ total memory allocated....: 1968680 bytes +~~ total memory freed........: 1968680 bytes +~~ total allocations/frees...: 35932/35932 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 159 chars ~~ json string max len.......: 651 chars diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out index 04e772f12..4b47bf9c8 100644 --- a/test/results/rtsp_setup_http.pcapng.out +++ b/test/results/rtsp_setup_http.pcapng.out 
@@ -1,4 +1,4 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}} diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out index 6fef22404..8afeb423c 100644 --- a/test/results/rx.pcap.out +++ b/test/results/rx.pcap.out 
@@ -1,4 +1,4 @@ -00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460647264018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"ts_msec":1460647264018,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00583{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}} diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out index 1f1a68693..65192afa5 100644 --- a/test/results/s7comm.pcap.out +++ b/test/results/s7comm.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 
00584{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}} diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out index d708dec35..2c1bcadcf 100644 --- a/test/results/safari.pcap.out +++ b/test/results/safari.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1620898024056,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620898024056,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out index 3cba2bde7..36f76af68 100644 --- a/test/results/selfsigned.pcap.out +++ b/test/results/selfsigned.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"selfsigned.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"selfsigned.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 00179{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","datalink":0,"header":33554432} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out index 0b6770f92..0e445c3c5 100644 --- a/test/results/signal.pcap.out 
+++ b/test/results/signal.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"signal.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"signal.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569051245838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1569051245838,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}} diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out index 28bf0737b..58cb3d353 100644 --- a/test/results/simple-dnscrypt.pcap.out +++ b/test/results/simple-dnscrypt.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1491813284555,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491813284555,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out index 01a5206c6..b60299a45 100644 --- a/test/results/sip.pcap.out +++ b/test/results/sip.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"ts_msec":1120469572844,"pkt":"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"} 
00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out index f2fd865e0..be5427c4d 100644 --- a/test/results/skype-conference-call.pcap.out +++ b/test/results/skype-conference-call.pcap.out 
@@ -1,4 +1,4 @@ -00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype-conference-call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype-conference-call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1501061916646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1501061916646,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out index c6cd6cc0e..5279c3168 100644 --- a/test/results/skype.pcap.out +++ b/test/results/skype.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431969641947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969641947,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 
00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -688,10 +688,6 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1431969689543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969689543,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0irdAAEAGZW7AqAEinTfrnMOcnE7UANcrM6a2IoAQECxAVAAAAQEICj4jQsFMWRmA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1431969689596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969689596,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYg2dN4KtwKgBIpxDw5oq9Bj82fT\/9aASOJAjJwAAAgQFrAQCCApOp72RPiNCegEDAwk="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1431969689596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969689596,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EYdAAEAGR47AqAEinTeCrcOanEPZ9P\/1KvQY\/YAQECx51gAAAQEICj4jQvVOp72R"} -00575{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969690245,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS","breed":"Safe","category":"Web"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969690245,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969690245,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969690245,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -761,16 +757,6 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1431969699577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969699577,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuMZAAEAGoFTAqAEinTeCm8OsnFQhlXAyAAAAALAC\/\/+7tgAAAgQFtAEDAwUBAQgKPiNpvQAAAAAEAgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1431969699706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969699706,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIpxUw6wV0QgaIZVwM6ASOJCGcAAAAgQFrAQCCApOs6EPPiNpvQEDAwk="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1431969699706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969699706,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0BLVAAEAGVHLAqAEinTeCm8OsnFQhlXAzFdEIG4AQECzdGQAAAQEICj4jaj5Os6EP"} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": 
{"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00578{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969700265,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":1,"flow_first_seen":1431969701181,"flow_last_seen":1431969701181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969701181,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1431969701181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969701181,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1hBAAEAGgwrAqAEinTeCm8OuAbux\/OLXAAAAALAC\/\/9NAwAAAgQFtAEDAwUBAQgKPiNv+wAAAAAEAgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1431969701308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969701308,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIgG7w655m4Wssfzi2KASOJA0zwAAAgQFrAQCCApOs6KgPiNv+wEDAwk="} 
@@ -807,26 +793,6 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431969707326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969707326,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ORAAEAGTF\/AqAEiQAQXpsO3Abu4qWeDAAAAALAC\/\/9x6QAAAgQFtAEDAwUBAQgKPiOH3AAAAAAEAgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1431969707546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969707546,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7w7ccEsw5uKlnhKASOJDGigAAAgQFrAQCCApMP087PiOH3AEDAwk="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1431969707546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969707546,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EpBAAEAGDsDAqAEiQAQXpsO3Abu4qWeEHBLMOoAQECwc2gAAAQEICj4jiLdMP087"} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": 
{"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1578,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969710530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packets_processed":1,"flow_first_seen":1431969710853,"flow_last_seen":1431969710853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969710853,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431969710853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969710853,"pkt":"0NQSxnP1PBXCt3IOCABFAABAz19AAEAG2DnAqAEinTg0HMO8nEnrI3UzAAAAALAC\/\/8PzQAAAgQFtAEDAwUBAQgKPiOVkAAAAAAEAgAA"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431969711097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969711097,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJw7we\/\/hU6yN1NKASOJAgZAAAAgQFrAQCCApMXGQgPiOVkAEDAwk="} 
@@ -974,17 +940,6 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431969719561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969719561,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969719623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hj5AAPQGcH9bvtp9wKgBIjA+w9E3PWT9DmLWQYASH\/7iJQAAAgQFoAEDAwQBAQQC"} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969719623,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo4VtAAEAGYW7AqAEiW77afcPRMD4OYtZBNz1k\/lAQIAAi3wAA"} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": 
{"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnloAAEARWNXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 
00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -1039,59 +994,9 @@ 00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":180000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}} 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2461,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":1431969728750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIN8CkAAAERFbjAqAFc7\/\/\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"} 01016{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2462,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":1431969728750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHN3wIAAAERJx\/AqAFc7\/\/\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"} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969730994,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1431969735255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969735255,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQGgAAEARFBbAqAEiarz5ujLdOxAAGjrunqMCSv26L3gQtCJn9dl5F8Bv"} 
00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00575{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1125,40 +1030,6 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1431969750597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969750597,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYx1AAEAGQ2nAqAEinTg1L8PWMD5iE\/TfAAAAALAC\/\/\/p7gAAAgQFtAEDAwUBAQgKPiQvsAAAAAAEAgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969750865,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGs4qdODUvwKgBIjA+w9azhlZQYhP04KASOJDCuQAAAgQFrAQCCApiCpO7PiQvsAEDAwk="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969750865,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1213,14 +1084,6 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1431969759543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1431969759543,"pkt":"0NQSxnP1PBXCt3IOCABFwABMl\/4AAEAR3SbAqAEiEf0w9QB7AHsAOFSa4wIG7AAAChwAAPSnEf0w9dkEndkb+ycx2QSd2Rb0\/7nZBJ3ZG\/snMdkEnl+LA3WC"} 00583{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1431969759588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1431969759588,"pkt":"PBXCt3IO0NQSxnP1CABFAABMAABAADgRPeUR\/TD1wKgBIgB7AHsAOA1EJAEG7AAAAAAAAAAMR1BTc9kEnl2e8n962QSeX4sDdYLZBJ5fkbdSxdkEnl+RubQR"} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1276,12 +1139,6 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2929,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":1431969770913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969770913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fUhAAEAGq\/jAqAEiR+4Hy8PYSU+K+FHYJqKpv4AQECzd4gAAAQEICj4kfqwAAAAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2934,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1431969770978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969770978,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9eajaZMJ5d2wKAScSAAYwAAAgQFrAQCCAq+obooPiR90gEDAwc="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1431969770978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969770978,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05SBAAEAGpivAqAEiTKehBsPXTzInl3bAmo2mTYAQECyPAQAAAQEICj4kfuy+oboo"} -00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": 
{"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1323,14 +1180,10 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1431969774806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969774806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnFAAEAGyM7AqAEiTKehBsPcTzIA95PqAAAAALAC\/\/8TqQAAAgQFtAEDAwUBAQgKPiSNxwAAAAAEAgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3061,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969776480,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9wNTHkCAPeT66AScSCe6QAAAgQFrAQCCAq+oc+oPiSNxwEDAwc="} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3062,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969776480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo01NAAEAGuATAqAEiTKehBsPcTzIA95PrAAAAAFAEAABYdwAA"} -00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00575{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00525{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1384,6 +1237,16 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1431969789919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969789919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":1,"flow_first_seen":1431969791166,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969791166,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969791166,"pkt":"0NQSxnP1PBXCt3IOCABFAABA8JJAAEAGte\/AqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/hugAAAgQFtAEDAwUBAQgKPiTNeQAAAAAEAgAA"} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00578{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1431969792168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969792168,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6r1AAEAGu8TAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/d0gAAAgQFtAEDAwUBAQgKPiTRYQAAAAAEAgAA"} 
@@ -1397,14 +1260,54 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1431969794784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969794784,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3236,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1431969794907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969794907,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ITcAAEAR1gjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3239,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1431969796001,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969796001,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6focAAEAReLjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} -00568{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00578{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1440,22 +1343,59 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00575{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packets_processed":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packets_processed":4,"flow_first_seen":1431969713814,"flow_last_seen":1431969726846,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":180000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packets_processed":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1475,6 +1415,7 @@ 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1486,13 +1427,28 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1526,6 +1482,8 @@ 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1536,17 +1494,55 @@ 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00579{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
+00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1568,6 +1564,8 @@ 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1631,6 +1629,8 @@ 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","total-events-serialized":1634} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3284/3069 diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out index cb4da7d73..cab4f939a 100644 --- a/test/results/skype_no_unknown.pcap.out +++ b/test/results/skype_no_unknown.pcap.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_no_unknown.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_no_unknown.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431970632290,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"ts_msec":1431970632290,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"} 
00555{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -714,8 +714,6 @@ 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaTkAAEARlaPAqAEib91KKDLdnFkALS1Je7sCEGG8jv3asKVduW1KlINShpl5CYZ6daDh4AHUflFCiwcMag=="} 00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970682458,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970682458,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -879,12 +877,6 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970692055,"pkt":"0NQSxnP1PBXCt3IOCABFAAAop\/VAAEAG42LAqAEiTKehBshkTzK\/rUQHAAAAAFAEAADlHAAA"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1431970692292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970692292,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuAIoAAEARXlnAqAEirjGr4DLdfQsAGsvlfaACeL8XUJBpLDeRz+sEHWOI"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1431970692292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970692292,"pkt":"0NQSxnP1PBXCt3IOCABFAAAug2AAAEAR1cjAqAEiUx8MrTLdXYMAGvz0faICfIT9gb6c5K1Sd5xbHa0C"} -00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS","breed":"Safe","category":"Web"}} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packets_processed":1,"flow_first_seen":1431970692464,"flow_last_seen":1431970692464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1431970692464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970692464,"pkt":"0NQSxnP1PBXCt3IOCABFAABAG0ZAAEAGm9bAqAEiUuBu8chll+8qmATQAAAAALAC\/\/9+NAAAAgQFtAEDAwUBAQgKPjJnPQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1431970692533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970692533,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7ZAAHIGWWpS4G7xwKgBIpfvyGV1sVenKpgE0aASIACFcQAAAgQFrAEDAwgEAggKAAccXD4yZz0="} 
@@ -935,18 +927,6 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431970701535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970701535,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GjJAAEAGggLAqAEi1KEIJMhxNFBceQzzqm6wf4AQECzgbwAAAQEICj4yilc\/pB5H"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431970701599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970701599,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyHKomFMrw2QCDKASOJC0yAAAAgQFrAQCCAoANM\/iPjKKPAEDAwU="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431970701599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970701599,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03YRAAEAGXXXAqAEiXU\/gsMhyOKrDZAIMqJhTLIAQECwLlgAAAQEICj4yipUANM\/i"} 
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
-00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2008,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970702574,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packets_processed":1,"flow_first_seen":1431970703073,"flow_last_seen":1431970703073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970703073,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431970703073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970703073,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2zBAAEAGwPfAqAEi1KEIJMhzNFD26tn9AAAAALAC\/\/\/8RgAAAgQFtAEDAwUBAQgKPjKQRwAAAAAEAgAA"} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431970703145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970703145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHPVGwsc9urZ\/qASOJBaugAAAgQFrAQCCAo\/nFogPjKQRwEDAwk="} 
@@ -969,6 +949,8 @@ 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708715,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970708715,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"} 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1036,11 +1018,17 @@ 00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1061,6 +1049,8 @@ 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1097,6 +1087,8 @@ 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1126,9 +1118,13 @@ 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1179,6 +1175,8 @@ 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1189,6 +1187,8 @@ 00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out index 5838c719a..73b086b57 100644 --- a/test/results/skype_udp.pcap.out +++ b/test/results/skype_udp.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_udp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_udp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1156534494734,"flow_last_seen":1156534494734,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1156534494734,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1156534494734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1156534494734,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1156534496782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1156534496782,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="} diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out index 25098fb47..be3bac5b6 100644 --- a/test/results/smb_deletefile.pcap.out +++ b/test/results/smb_deletefile.pcap.out 
@@ -1,4 +1,4 @@ -00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} 00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out index 17ac9a94e..27b53081a 100644 --- a/test/results/smbv1.pcap.out +++ b/test/results/smbv1.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smbv1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smbv1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1492191036092,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1492191036092,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out index 3c641ecf9..981fcbae0 100644 --- a/test/results/smpp_in_general.pcap.out +++ b/test/results/smpp_in_general.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smpp_in_general.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smpp_in_general.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1217149853878,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1217149853878,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out index e007636a0..826c272ab 100644 --- a/test/results/smtp-starttls.pcap.out +++ b/test/results/smtp-starttls.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1388017124762,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1388017124762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out index 48181308d..fbbd4b628 100644 --- a/test/results/snapchat.pcap.out +++ b/test/results/snapchat.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1431417993318,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431417993318,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out index 4f956d664..c16f7b68e 100644 --- a/test/results/snapchat_call.pcapng.out +++ b/test/results/snapchat_call.pcapng.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595865799020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1595865799020,"pkt":"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"} 
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out index a61c3aabd..67a3601d9 100644 --- a/test/results/ssdp-m-search.pcap.out +++ b/test/results/ssdp-m-search.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssdp-m-search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssdp-m-search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1532054645808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"ts_msec":1532054645808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}} diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out index c72930022..9017df022 100644 --- a/test/results/ssh.pcap.out +++ b/test/results/ssh.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1320435464760,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1320435464760,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out index d5f14ea8b..47fe25163 100644 --- a/test/results/ssl-cert-name-mismatch.pcap.out +++ b/test/results/ssl-cert-name-mismatch.pcap.out 
@@ -1,4 +1,4 @@ -00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1620643422034,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620643422034,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out index a7b9b3cb2..9f1e60d99 100644 --- a/test/results/starcraft_battle.pcap.out +++ b/test/results/starcraft_battle.pcap.out 
@@ -1,4 +1,4 @@ -00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"starcraft_battle.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"starcraft_battle.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1437389953643,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="} 
@@ -119,10 +119,6 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUtAAPIGObXHJqScwKgBZAG7DZ7bDuslZeBiaVAQFLnPdAAAAAAAAAAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUxAAPIGObTHJqScwKgBZAG7DZ7bDuslZeBiaVARFLnPcwAAAAAAAAAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1437389970671,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389970671,"pkt":"hCYVPnXEIImEa8W6CABFAAA0DEUAAIARlo\/AqAFkrcIoFtFAAbsAIKDYDBnPzxTN69maK3zVmJ1A8q4\/WcfKtlQW"} -00580{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": 
{"proto":"TLS","breed":"Safe","category":"Web"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1437389976946,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"ts_msec":1437389976946,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7AQEICgBN"} 00558{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -309,6 +305,10 @@ 00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":180000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00580{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00580{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
+00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out index 34ace67e2..b5b952d2e 100644 --- a/test/results/steam.pcap.out +++ b/test/results/steam.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00578{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}} diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out index a70717229..f1b664820 100644 --- a/test/results/steam_datagram_relay_ping.pcapng.out +++ b/test/results/steam_datagram_relay_ping.pcapng.out 
@@ -1,4 +1,4 @@ -00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625599888890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"ts_msec":1625599888890,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsUAAH8RmLPAqAJkiy3BCsu9aYoFHNuQAQFzZHBpbmeh3CnjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}} diff --git a/test/results/stun_facebook.pcapng.out b/test/results/stun_facebook.pcapng.out index a1c29fc49..330ca0fa5 100644 --- a/test/results/stun_facebook.pcapng.out +++ b/test/results/stun_facebook.pcapng.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_facebook.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_facebook.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1629291451242,"flow_last_seen":1629291451242,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1629291451242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1629291451242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1629291451242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1629291451254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1629291451254,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out index 59296f9e0..f0d61d944 100644 --- a/test/results/synscan.pcap.out +++ b/test/results/synscan.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"synscan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"synscan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275056274,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275056274,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 
00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -4000,8 +4000,6 @@ 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsALEAADsGDMKsEAAIQA2GNIzTE4rdU4MZAAAAAGACEAAVAgAAAgQFtA=="} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs5sAAACYGO7KsEAAIQA2GNIzTE4bdU4MZAAAAAGACDAAZBgAAAgQFtA=="} 
-00565{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275077368,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275077368,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","ndpi": {"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} 
00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -5762,6 +5760,8 @@ 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index c93526541..124207356 100644 --- a/test/results/teams.pcap.out +++ b/test/results/teams.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}} diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out index 58e773327..27c3b1731 100644 --- a/test/results/teamspeak3.pcap.out +++ b/test/results/teamspeak3.pcap.out 
@@ -1,4 +1,4 @@ -00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamspeak3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamspeak3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946745680740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 
00578{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out index 13dbc0be4..9c25a30ae 100644 --- a/test/results/telegram.pcap.out +++ b/test/results/telegram.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telegram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telegram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588779596451,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1588779596451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}} diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out index c29c722d5..97051d42e 100644 --- a/test/results/teredo.pcap.out +++ b/test/results/teredo.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1438853615305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853615305,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 
00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}} diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out index 9035ee08e..846dd54fa 100644 --- a/test/results/tftp.pcap.out +++ b/test/results/tftp.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="} 
00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out index d6f74e896..c3068bd10 100644 --- a/test/results/tinc.pcap.out +++ b/test/results/tinc.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1495983427717,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1495983427717,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1495983427717,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} 
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1495983427744,"flow_last_seen":1495983427744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1495983427744,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out index b9ad8d230..77cdd86f0 100644 --- a/test/results/tk.pcap.out +++ b/test/results/tk.pcap.out 
@@ -1,4 +1,4 @@ -00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613939315029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1613939315029,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 
00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out index dded4284b..ae8c8653c 100644 --- a/test/results/tls-esni-fuzzed.pcap.out +++ b/test/results/tls-esni-fuzzed.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out index e2945fee8..b9d5776a1 100644 --- a/test/results/tls-rdn-extract.pcap.out +++ b/test/results/tls-rdn-extract.pcap.out 
@@ -1,4 +1,4 @@ -00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out index 3f9c5b471..40a363d99 100644 --- a/test/results/tls_alert.pcap.out +++ b/test/results/tls_alert.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_alert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_alert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1628259176203,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1628259176203,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out index f0d774e72..939eda28d 100644 --- a/test/results/tls_certificate_too_long.pcap.out +++ b/test/results/tls_certificate_too_long.pcap.out 
@@ -1,4 +1,4 @@ -00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1626168074745,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1626168074745,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168074745,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1626168074926,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":394,"midstream":1,"ts_msec":1626168074926,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out index a7446b40d..d3e72a574 100644 --- a/test/results/tls_esni_sni_both.pcap.out +++ b/test/results/tls_esni_sni_both.pcap.out 
@@ -1,17 +1,17 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1595697574192,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1595697574192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1595697574222,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"} 00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 
00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1595697597731,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1595697597731,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1595697597760,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1595697597760,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"} 
00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} 
+00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","total-events-serialized":16} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -28,4 +28,4 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 171 chars ~~ json string max len.......: 998 chars -~~ json string avg len.......: 654 chars +~~ json string avg len.......: 655 chars diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out index b279dcfde..acb6fd981 100644 --- a/test/results/tls_invalid_reads.pcap.out +++ b/test/results/tls_invalid_reads.pcap.out 
@@ -1,4 +1,4 @@ -00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"ts_msec":1252380859884,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out index bf1995d78..d49348a47 100644 --- a/test/results/tls_long_cert.pcap.out +++ b/test/results/tls_long_cert.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1553619078033,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1553619078033,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out index 2b8d68b6e..384de06fa 100644 --- a/test/results/tls_verylong_certificate.pcap.out +++ b/test/results/tls_verylong_certificate.pcap.out 
@@ -1,4 +1,4 @@ -00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1578254908457,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578254908457,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index 62f87006f..68ad4a502 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00350{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821660212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","type":38} 00350{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821662212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -131,8 +131,6 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821762212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","type":38} -00568{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821764213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","type":38} 
@@ -162,6 +160,8 @@ 00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00568{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out index b71b1f816..0ee0dd6d1 100644 --- a/test/results/trickbot.pcap.out +++ b/test/results/trickbot.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1609266107551,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1609266107551,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out index 28ca5d63d..716f304bb 100644 --- a/test/results/tumblr.pcap.out +++ b/test/results/tumblr.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tumblr.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tumblr.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1605292102219,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292102219,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292102219,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1605292102602,"flow_last_seen":1605292102602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292102602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out index ef8dcd235..b17a8fa4f 100644 --- a/test/results/ubntac2.pcap.out +++ b/test/results/ubntac2.pcap.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ubntac2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ubntac2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486943433175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943433175,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out index e9e43d2c7..7e5c4924d 100644 --- a/test/results/upnp.pcap.out +++ b/test/results/upnp.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"upnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"upnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1541515314826,"flow_last_seen":1541515314826,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515314826,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1541515314826,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"ts_msec":1541515314826,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1541515314827,"flow_last_seen":1541515314827,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515314827,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index fb2ae3385..50a0f03a6 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1527155638428,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"ts_msec":1527155638428,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -88,8 +88,6 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1527155648526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155648526,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1527155666982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1527155666982,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":1,"flow_first_seen":1527155670632,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155670632,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155670632,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -132,6 +130,8 @@ 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1527155685757,"pkt":"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"} 00561{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}} 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1527155685757,"pkt":"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"} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}} 
00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out index e12049413..4e2810b2c 100644 --- a/test/results/vnc.pcap.out +++ b/test/results/vnc.pcap.out 
@@ -1,4 +1,4 @@ -00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vnc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vnc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1476111264364,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1476111264364,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out index e5f1da959..624870b07 100644 --- a/test/results/wa_video.pcap.out +++ b/test/results/wa_video.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_video.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_video.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455764448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455764448,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}} diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out index 6b1b36f02..db11ca339 100644 --- a/test/results/wa_voice.pcap.out +++ b/test/results/wa_voice.pcap.out 
@@ -1,4 +1,4 @@ -00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455687942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455687942,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -107,9 +107,6 @@ 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1561455730495,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455730495,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1561455731073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455731073,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1561455731356,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455731356,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455731356,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1561455731356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1561455731356,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1561455731665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455731665,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} 
@@ -138,6 +135,7 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -145,6 +143,8 @@ 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00579{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out index 519c3c649..8409e1c1b 100644 --- a/test/results/waze.pcap.out +++ b/test/results/waze.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"waze.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"waze.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1435587866603,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1435587866603,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1435587866603,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
@@ -163,18 +163,6 @@ 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} 00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01136{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":548,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"ts_msec":1435587898627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} 
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
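Review bot: The expected `detection-update` record for flow 31, kept as context in this hunk, has the key `issuerDN` twice inside its `tls` object, and the flow 33 record in the next hunk (`@@ -188,6 +176,13 @@`) repeats the same shape. A consumer that keeps the last duplicate will report `CN=*.world.waze.com` as the issuer and silently lose `CN=Google Internet Authority G2`, while a first-wins or strict parser will behave differently. Any check keyed on the certificate issuer therefore depends on which parser reads the stream. The second value looks like the certificate subject, since it matches `server_names`, so it presumably belongs under its own key such as `"subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com"`. The code that emits this record is not part of this diff, so the fix would go there, with these result files regenerated afterwards.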
@@ -188,6 +176,13 @@ 01136{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00546{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -201,14 +196,19 @@ 00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 00544{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00546{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00546{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00542{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00546{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out index 932cfe062..a7ce2f81c 100644 --- a/test/results/webex.pcap.out +++ b/test/results/webex.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"webex.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"webex.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1444570624853,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570624853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 
00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
@@ -193,33 +193,6 @@ 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01330{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority 
G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}} 00836{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00583{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":582,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"ts_msec":1444570656700,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1444570668729,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":1,"flow_first_seen":1444570669736,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570669736,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570669736,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"} 
@@ -249,7 +222,6 @@ 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1444570675945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570675945,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1444570675946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570675946,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} 00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":807,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570678760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":1,"flow_first_seen":1444570679512,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570679512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570679512,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} 
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1444570679516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} 
@@ -267,10 +239,6 @@ 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} 00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":1,"flow_first_seen":1444570699074,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570699074,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1444570699077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 
@@ -306,7 +274,6 @@ 00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00837{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
00837{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1404,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1444570709696,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":1,"flow_first_seen":1444570712008,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570712008,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570712008,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1444570712012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570712012,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} 
@@ -332,14 +299,7 @@ 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":1,"flow_first_seen":1444570719041,"flow_last_seen":1444570719041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570719041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1444570719041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570719041,"pkt":"ABoRAAACABoRAAABCABFAAA8mB5AAEAGdIkKCAABPm3lnsqTAbu3\/XtaAAAAAKACOQj9rAAAAgQFtAQCCAoATONEAAAAAAEDAwY="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1444570719047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570719047,"pkt":"ABoRAAACABoRAAABCABFAAAoA+JAABAGONo+beWeCggAAQG7ypNIAoSlt\/17W1AS\/\/+1bgAA"} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570720045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570720045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1444570720045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570720045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570720045,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGDLwKCAABPm3lnsqTAbu3\/XtbAAAAAFAEAACCJAAA"} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":29,"flow_first_seen":1444570699074,"flow_last_seen":1444570705740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":19,"flow_first_seen":1444570637191,"flow_last_seen":1444570728075,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":12464,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":1,"flow_first_seen":1444570732086,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570732086,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570732086,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="} 
@@ -356,45 +316,81 @@ 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} 00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1444570740247,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570740247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"webex.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570740247,"pkt":"ABoRAAACABoRAAABCABFAAAoOklAAEAGn38KCAABNvEgDrSDAbvRQeWULr45ZlAUfHD9HgAA"} 01190{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00547{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"proto":"Webex","breed":"Acceptable","category":"VoIP"}} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00584{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00548{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1444570740247,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00545{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1444570740247,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","total-events-serialized":386} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00549{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","total-events-serialized":382} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1580/1580 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 778771 bytes ~~ total detected protocols..: 52 -~~ total active/idle flows...: 58/58 +~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 2368656 bytes -~~ total memory freed........: 2368656 bytes -~~ total allocations/frees...: 37309/37309 +~~ total memory allocated....: 2367040 bytes +~~ total memory freed........: 2367040 bytes +~~ total allocations/frees...: 37306/37306 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 162 chars ~~ json string max len.......: 1652 chars diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out index 00270e8a7..043ac00ea 100644 --- a/test/results/websocket.pcap.out +++ b/test/results/websocket.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"proto":"WebSocket","breed":"Acceptable","category":"Web"}} diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out index a4f857419..50ca4f1cc 100644 --- a/test/results/wechat.pcap.out +++ b/test/results/wechat.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wechat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wechat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1492167337792,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"flow_min_l4_payload_len":604,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":604,"midstream":1,"ts_msec":1492167337792,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"ts_msec":1492167337792,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 
@@ -100,12 +100,6 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1492167367489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167367489,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"} 00847{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":1,"flow_first_seen":1492167377896,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167377896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1492167377936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167377936,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"} 
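Review bot: The `tls` object in the context line for flow 19's `detection-update` at packet_id 198 carries the key `issuerDN` twice, and the second value (`C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com`) looks like the certificate subject rather than an issuer. Most JSON parsers keep only the last duplicate, so a consumer would likely record the leaf subject as the issuer and drop the GeoTrust value, which would mislead any issuer-based check or alert. This commit does not appear to touch the serializer, but the expected output pins the behaviour; presumably the second key should read `"subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com"`, with the result files regenerated once the emitter is fixed. The same duplicate appears in the context lines of the `@@ -159,12 +143,7 @@` and `@@ -224,8 +203,23 @@` hunks of this file.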
@@ -133,17 +127,7 @@ 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":1,"flow_first_seen":1492167382020,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167382020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1492167382020,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1492167382374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1492167382374,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 
-00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":343,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167388136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1492167397120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167397120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":351,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1492167400811,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":351,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167400811,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":351,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167400811,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":1,"flow_first_seen":1492167400812,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167400812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167400812,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":1,"flow_first_seen":1492167401063,"flow_last_seen":1492167401063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167401063,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -159,12 +143,7 @@ 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00847{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":452,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1492167421568,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":452,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1492167421568,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":452,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167421568,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1492167422952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167422952,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"} 
-00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167432005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167432005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":16,"flow_first_seen":1492167338426,"flow_last_seen":1492167413269,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167432005,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":16,"flow_first_seen":1492167338426,"flow_last_seen":1492167413269,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167432005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
@@ -224,8 +203,23 @@ 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00847{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
+00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -234,9 +228,15 @@ 00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} +00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 
+00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00576{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":1,"flow_first_seen":1492167617247,"flow_last_seen":1492167617247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -260,12 +260,6 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167619048,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167639304,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167639304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":1,"flow_first_seen":1492167639887,"flow_last_seen":1492167639887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167639887,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1492167639887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167639887,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8T5xAAEAGxaDAqAFny82XotNhAbttdZ2FAAAAAKACchD+DQAAAgQFtAQCCAoAMdIZAAAAAAEDAwc="} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":1,"flow_first_seen":1492167640138,"flow_last_seen":1492167640138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167640138,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -313,477 +307,429 @@ 00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1492167650348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="} 
02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1492167650401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167650401,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObHTP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAd
ftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167654504,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167654504,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1492167662038,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167662038,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167662038,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167669545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492167669545,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1023,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167654504,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167678290,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1023,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167654504,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167678290,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1492167690433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":7,"flow_first_seen":1492167640138,"flow_last_seen":1492167662040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167690433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":7,"flow_first_seen":1492167640138,"flow_last_seen":1492167662040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167690433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} +00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167669545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492167669545,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1492167690433,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492167690433,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1044,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUpAAEAGv\/rAqAFny82XotNiAbsbK4cf8lL5uoARAOVfYAAAAQEICgAyCCdF8j82"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":1,"flow_first_seen":1492167695488,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167695488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695550,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0ZdRAACwGwtDLzZeiwKgBZwG702LyUvm6GyuHIIAQAHA\/GwAAAQEICkXyX\/AAMggn"} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":1,"flow_first_seen":1492167695488,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167695488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} 
+00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1492167697384,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167697384,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":1,"flow_first_seen":1492167720353,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167720353,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01382{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00574{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1178,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167729159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1178,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167729159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1178,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":2,"flow_first_seen":1492167695237,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167729159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1178,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":2,"flow_first_seen":1492167695237,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167729159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":1,"flow_first_seen":1492167720353,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167720353,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} +00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01382{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":12,"flow_first_seen":1492167641988,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":12,"flow_first_seen":1492167641988,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00518{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":2,"flow_first_seen":1492167440370,"flow_last_seen":1492167690433,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00520{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":8,"flow_first_seen":1492167440984,"flow_last_seen":1492167695144,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00519{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":2,"flow_first_seen":1492167449288,"flow_last_seen":1492167697384,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167765155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765155,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="} 
-00713{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167765432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"ts_msec":1492167765432,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="} 
-00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} 
-00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167776953,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":1,"flow_first_seen":1492167777204,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167777204,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} 
-00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1492167788126,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167788126,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} -00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1492167788128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167788128,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1492167789152,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789152,"pkt":"AQBeAAD70CeIF3AECABFoABEPhsAAAER1+bAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1492167789153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789153,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1492167789154,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789154,"pkt":"AQBeAAD70CeIF3AECABFoABEPiIAAAER19\/AqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1492167789157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789157,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1492167795087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795087,"pkt":"AQBeAAD80CeIF3AECABFoAA4QcoAAAER1ELAqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} -00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1492167795088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795088,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcsAAAER1EPAqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="} -00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1492167795090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795090,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcwAAAER1ELAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} -00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1492167795091,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795091,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} -00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1492167795092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795092,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} -00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1492167795095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795095,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="} -00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1492167795096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795096,"pkt":"AQBeAAD80CeIF3AECABFoAA4Qc0AAAER1D\/AqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1492167795098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795098,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1492167795099,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795099,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc4AAAER1EDAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1492167795100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795100,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc8AAAER1D\/AqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1492167795102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795102,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1492167795103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795103,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1492167795292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795292,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdAAAIARc3vAqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1492167795294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795294,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1492167795295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795295,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":1492167799176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167799176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167799176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167765155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765155,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="} +00713{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167765432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"ts_msec":1492167765432,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="} +00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} +00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167776953,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":1,"flow_first_seen":1492167777204,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167777204,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} +00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1492167788126,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167788126,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1492167788128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167788128,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1492167789152,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789152,"pkt":"AQBeAAD70CeIF3AECABFoABEPhsAAAER1+bAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1492167789153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789153,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1492167789154,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789154,"pkt":"AQBeAAD70CeIF3AECABFoABEPiIAAAER19\/AqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1492167789157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789157,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1492167795087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795087,"pkt":"AQBeAAD80CeIF3AECABFoAA4QcoAAAER1ELAqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} +00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1492167795088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795088,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcsAAAER1EPAqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="} +00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1492167795090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795090,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcwAAAER1ELAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} +00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1492167795091,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795091,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1492167795092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795092,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1492167795095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795095,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1492167795096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795096,"pkt":"AQBeAAD80CeIF3AECABFoAA4Qc0AAAER1D\/AqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1492167795098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795098,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1492167795099,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795099,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc4AAAER1EDAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1492167795100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795100,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc8AAAER1D\/AqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1492167795102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795102,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1492167795103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795103,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1492167795292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795292,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdAAAIARc3vAqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1492167795294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795294,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1492167795295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795295,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00574{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1492167815567,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492167815567,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1492167820408,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167820408,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
-00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":7,"flow_first_seen":1492167777204,"flow_last_seen":1492167799180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":7,"flow_first_seen":1492167777204,"flow_last_seen":1492167799180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1412,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":1,"flow_first_seen":1492167844200,"flow_last_seen":1492167844200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167844200,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1492167844200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167844200,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Xv5AAEAGuj3AqAFny82Tq+K3Abv08QbJs2vgP4AQAOUOxgAAAQEICgAymaBFrvIv"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1492167844485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167844485,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0W3NAAC8GzijLzZOrwKgBZwG74reza+A\/9PEGyoAQAHAO8gAAAQEICkWvHm4AMm2p"} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167848542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1492167848542,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADlWmgAAIARWkzAqAFkwKgB\/wCKAIoA0eSKEQ7\/A8CoAWQAigC7AAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwCA\/AoAR0lPVkFOTkktUEMAAAAAAAYBAxIFAA8BVaoA"} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167849769,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1492167849769,"pkt":"MzMAAAACuHgu4toHht1gCKryABA6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQD\/swAAAAABAbh4LuLaBw=="} -00565{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167851002,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1492167851002,"pkt":"\/\/\/\/\/\/\/\/uHgu4toHCABFAAFI3+EAAP8R2sMAAAAA\/\/\/\/\/wBEAEMBNOAUAQEGADPq6ioAAAAAAAAAAAAAAAAAAAAAAAAAALh4LuLaBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAbh4LuLaBzIEwKgBajMEAHanAAwOaVBob25lZGlNb25pY2H\/AAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": 
{"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}} -00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492167851203,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1492167851203,"pkt":"MzP\/hmxbuHgu4toHht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/hmxbhwDa5wAAAAD+gAAAAAAAAAhCo\/OihmxbDgE+iVJ12j4="} -00553{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1492167851204,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"ts_msec":1492167851204,"pkt":"MzMAAAACuHgu4toHht1gCL93AAg6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQDCHwAAAAA="} -00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492167852023,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"ts_msec":1492167852023,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="} 
-00566{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1492167865974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167865974,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Xv9AAEAGujzAqAFny82Tq+K3Abv08QbKs2vgP4ARAOXNQQAAAQEICgAyruNFrx5u"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01382{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":10,"flow_first_seen":1492167788126,"flow_last_seen":1492167840351,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":10,"flow_first_seen":1492167788128,"flow_last_seen":1492167840352,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} -00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":9,"flow_first_seen":1492167844200,"flow_last_seen":1492167891944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167916810,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":9,"flow_first_seen":1492167844200,"flow_last_seen":1492167891944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167916810,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00521{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00532{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00534{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1552,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":1,"flow_first_seen":1492167918120,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167918120,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1552,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167918120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XwZAAEAGujXAqAFny82Tq+K3Abv08QbKs2vgP4ARAOWaVAAAAQEICgAy4dBFrx5u"} -00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1492167848542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1492167848542,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADlWmgAAIARWkzAqAFkwKgB\/wCKAIoA0eSKEQ7\/A8CoAWQAigC7AAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwCA\/AoAR0lPVkFOTkktUEMAAAAAAAYBAxIFAA8BVaoA"} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1492167849769,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1492167849769,"pkt":"MzMAAAACuHgu4toHht1gCKryABA6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQD\/swAAAAABAbh4LuLaBw=="} 
+00565{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1492167851002,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1492167851002,"pkt":"\/\/\/\/\/\/\/\/uHgu4toHCABFAAFI3+EAAP8R2sMAAAAA\/\/\/\/\/wBEAEMBNOAUAQEGADPq6ioAAAAAAAAAAAAAAAAAAAAAAAAAALh4LuLaBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAbh4LuLaBzIEwKgBajMEAHanAAwOaVBob25lZGlNb25pY2H\/AAAAAAAA"} 
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}} +00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167851203,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1492167851203,"pkt":"MzP\/hmxbuHgu4toHht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/hmxbhwDa5wAAAAD+gAAAAAAAAAhCo\/OihmxbDgE+iVJ12j4="} 
+00553{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1492167851204,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"ts_msec":1492167851204,"pkt":"MzMAAAACuHgu4toHht1gCL93AAg6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQDCHwAAAAA="} +00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167852023,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"ts_msec":1492167852023,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="} +00566{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} +00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01382{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":10,"flow_first_seen":1492167788126,"flow_last_seen":1492167840351,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":10,"flow_first_seen":1492167788128,"flow_last_seen":1492167840352,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} 
+00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00521{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00532{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
+00534{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packets_processed":3,"flow_first_seen":1492167449288,"flow_last_seen":1492167820408,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":12,"flow_first_seen":1492167440984,"flow_last_seen":1492167822531,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":3,"flow_first_seen":1492167440370,"flow_last_seen":1492167815567,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":1,"flow_first_seen":1492167918120,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":1,"flow_first_seen":1492167918120,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
+00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6H
WA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171154792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":1,"flow_first_seen":1492171164904,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171164904,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171164904,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":1,"flow_first_seen":1492171166312,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166312,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166312,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/65AAEAG93\/AqAFnX2UiIYi0AFB\/4ffk18M9+4AQCyPvSAAAAQEICgA\/ReBr6XAp"} 
-00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":1,"flow_first_seen":1492171166440,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166440,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166440,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqRAAEAGaIrAqAFnX2UiIYi3AFBZ1tlh3d8I5IAQBaRnrgAAAQEICgA\/RgBr6XCp"} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":1,"flow_first_seen":1492171166696,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166696,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166696,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7pAAEAGr3TAqAFnX2UiIYi4AFDlnJrhImFMS4AQCdyNBgAAAQEICgA\/RkBr6XGp"} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nhAAEAGJLXAqAFnX2UiIpk\/AFBMVGJPaE9vZoAQBU7AugAAAQEICgA\/R6BwfJTZ"} 
-00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1492171169377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1492171169377,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"} -00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}} 
-02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6H
WA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BdAAEAGIxbAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvX7AAAAQEICgA\/UBZwfB+e"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/69AAEAG937AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPlEAAAAQEICgA\/UBZr6XAp"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqVAAEAGaInAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdlQAAAQEICgA\/UBdr6XCp"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7tAAEAGr3PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyDLQAAAQEICgA\/UBdr6XGp"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRZAAEAG2hfAqAFnX2UiIpknAFAjQjGaFOMj7IARBf682AAAAQEICgA\/UBdwfIhZ"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0251AAEAGiP7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1WAAAAQEICgA\/UBcc0iJk"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e59AAEAGnZzAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW08AAAAQEICgA\/UBdF3\/Tx"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkRAAEAG0OrAqAFnX2UiIYilAFA23DHogeAL9oARBaR6iAAAAQEICgA\/UBdr6Xcq"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7xAAEAGr3LAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyC7gAAAQEICgA\/UFZr6XGp"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1492171177028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177028,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00npAAEAGJLPAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64AQAAAQEICgA\/UFdwfJTZ"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1492171177032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177032,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkVAAEAG0OnAqAFnX2UiIYilAFA23DHogeAL9oARBaR6RwAAAQEICgA\/UFhr6Xcq"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqZAAEAGaIjAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdUgAAAQEICgA\/UFpr6XCp"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0255AAEAGiP3AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1FQAAAQEICgA\/UFoc0iJk"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1492171177240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177240,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BlAAEAGIxTAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXdgAAAQEICgA\/UIxwfB+e"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1492171177308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177308,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0259AAEAGiPzAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf00gAAAQEICgA\/UJ0c0iJk"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1492171177429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171177429,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1492171178741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171178741,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1492171183746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171183746,"pkt":"8IQvSpdgeJKcD6iOCABFAABE\/1xAAEARtpbAqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1492171184747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171184747,"pkt":"8IQvSpdgeJKcD6iOCABFAABEAC1AAEARtcbAqAFnwKgB\/oR7ADUAMLAAcuQBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":5,"flow_first_seen":1492171176772,"flow_last_seen":1492171183608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":5,"flow_first_seen":1492171176772,"flow_last_seen":1492171183608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1492171203806,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492171203806,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj\/YAAAEC8ZXAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} -00549{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1492171205448,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171205448,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00550{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1492171206877,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171206877,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+EAAAECUizAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00550{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1492171208516,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171208516,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+IAAAECUivAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1492171210973,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171210973,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+UAAAECUijAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"} -00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1492171211383,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171211383,"pkt":"AQBeAAAWACSlnnPpCABGwAAoAABAAAECQeXAqAFs4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} -00550{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":7,"flow_first_seen":1492171176772,"flow_last_seen":1492171185368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":7,"flow_first_seen":1492171176772,"flow_last_seen":1492171185368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":8,"flow_first_seen":1492171168104,"flow_last_seen":1492171185112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":8,"flow_first_seen":1492171168104,"flow_last_seen":1492171185112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":8,"flow_first_seen":1492171166312,"flow_last_seen":1492171184984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":8,"flow_first_seen":1492171166312,"flow_last_seen":1492171184984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":8,"flow_first_seen":1492171166440,"flow_last_seen":1492171185368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":8,"flow_first_seen":1492171166440,"flow_last_seen":1492171185368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":8,"flow_first_seen":1492171166696,"flow_last_seen":1492171184848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":8,"flow_first_seen":1492171166696,"flow_last_seen":1492171184848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":7,"flow_first_seen":1492171176772,"flow_last_seen":1492171184328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":7,"flow_first_seen":1492171176772,"flow_last_seen":1492171184328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":8,"flow_first_seen":1492171164904,"flow_last_seen":1492171184464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":8,"flow_first_seen":1492171164904,"flow_last_seen":1492171184464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":8,"flow_first_seen":1492171168104,"flow_last_seen":1492171184984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":8,"flow_first_seen":1492171168104,"flow_last_seen":1492171184984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuVAAAERi7nAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} -00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuZAAAERi7jAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} -00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1646,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8tAAEAGr2PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdwsYAAAAQEICgA\/puRr6XGp"} -00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1647,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/79AAEAG927AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyOM4gAAAQEICgA\/qERr6XAp"} -00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00olAAEAGJKTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU5gFAAAAQEICgA\/qERwfJTZ"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1492171267430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171267430,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJlBAAEARj6bAqAFnwKgB\/uivADUALYbgc9oBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":1,"flow_first_seen":1492171267576,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171267576,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171267576,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01ChAAEAGIwXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgt\/PgAAAQEICgA\/qMRwfB+e"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1492171268427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171268427,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1652,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":1,"flow_first_seen":1492171268472,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171268472,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171268472,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JlRAAEAG0NrAqAFnX2UiIYilAFA23DHogeAL9oARBaQg+wAAAQEICgA\/qaRr6Xcq"} -01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1492171268754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171268754,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} -00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1655,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":1,"flow_first_seen":1492171269128,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171269128,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171269128,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HSdAAEAG2gbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf5ipwAAAQEICgA\/qkhwfIhZ"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1656,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":1,"flow_first_seen":1492171269192,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171269192,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1656,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171269192,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e7BAAEAGnYvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOVarwAAAQEICgA\/qlhF3\/Tx"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJn9AAEARj3XAqAFnwKgB\/qwfADUALz4De5MBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} 
-00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJoBAAEARj3TAqAFnwKgB\/qwfADUAL2b9N5kBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} -00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1492171269548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492171269548,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1492171269750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171269750,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1492171270418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492171270418,"pkt":"8IQvSpdgeJKcD6iOCABFAAA9Ju1AAEARjw3AqAFnwKgB\/qZdADUAKRuahlUBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
-00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171271288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171271288,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jrVAAEAGaHnAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaQBSAAAAQEICgA\/rGRr6XCp"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171271288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171271288,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0261AAEAGiO7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJeZCwAAAQEICgA\/rGQc0iJk"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1492171273433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171273433,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJ9JAAEARjiTAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1492171273759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171273759,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKB1AAEARjdLAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHpAAEARjXbAqAFnwKgB\/qdoADUAMwYVU1YBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AAAEAAQ=="} 
-00728{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHtAAEARjXXAqAFnwKgB\/qdoADUAMwU2OTUBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AABwAAQ=="} -00737{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1492171274755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171274755,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKKBAAEARjU\/AqAFnwKgB\/q06ADUANGSfuxkBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} -00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} -00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":1,"flow_first_seen":1492171269192,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packets_processed":1,"flow_first_seen":1492171269192,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":1,"flow_first_seen":1492171268472,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packets_processed":1,"flow_first_seen":1492171268472,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":1,"flow_first_seen":1492171267576,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":1,"flow_first_seen":1492171267576,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":1,"flow_first_seen":1492171269128,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packets_processed":1,"flow_first_seen":1492171269128,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMahAAEARhEzAqAFnwKgB\/qMfADUAL3l8SRkBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} 
-00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} -00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1492171291761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171291761,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 
-00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
-00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} -00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REd
vr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171154792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"} 
+00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":1,"flow_first_seen":1492171164904,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171164904,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171164904,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":1,"flow_first_seen":1492171166312,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166312,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166312,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/65AAEAG93\/AqAFnX2UiIYi0AFB\/4ffk18M9+4AQCyPvSAAAAQEICgA\/ReBr6XAp"} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":1,"flow_first_seen":1492171166440,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166440,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166440,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqRAAEAGaIrAqAFnX2UiIYi3AFBZ1tlh3d8I5IAQBaRnrgAAAQEICgA\/RgBr6XCp"} 
+00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":1,"flow_first_seen":1492171166696,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171166696,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171166696,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7pAAEAGr3TAqAFnX2UiIYi4AFDlnJrhImFMS4AQCdyNBgAAAQEICgA\/RkBr6XGp"} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nhAAEAGJLXAqAFnX2UiIpk\/AFBMVGJPaE9vZoAQBU7AugAAAQEICgA\/R6BwfJTZ"} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"} 
+00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1492171169377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1492171169377,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"} +00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}} 
+02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6H
WA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BdAAEAGIxbAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvX7AAAAQEICgA\/UBZwfB+e"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/69AAEAG937AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPlEAAAAQEICgA\/UBZr6XAp"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqVAAEAGaInAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdlQAAAQEICgA\/UBdr6XCp"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7tAAEAGr3PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyDLQAAAQEICgA\/UBdr6XGp"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRZAAEAG2hfAqAFnX2UiIpknAFAjQjGaFOMj7IARBf682AAAAQEICgA\/UBdwfIhZ"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0251AAEAGiP7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1WAAAAQEICgA\/UBcc0iJk"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e59AAEAGnZzAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW08AAAAQEICgA\/UBdF3\/Tx"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkRAAEAG0OrAqAFnX2UiIYilAFA23DHogeAL9oARBaR6iAAAAQEICgA\/UBdr6Xcq"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7xAAEAGr3LAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyC7gAAAQEICgA\/UFZr6XGp"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1492171177028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177028,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00npAAEAGJLPAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64AQAAAQEICgA\/UFdwfJTZ"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1492171177032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177032,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkVAAEAG0OnAqAFnX2UiIYilAFA23DHogeAL9oARBaR6RwAAAQEICgA\/UFhr6Xcq"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqZAAEAGaIjAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdUgAAAQEICgA\/UFpr6XCp"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0255AAEAGiP3AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1FQAAAQEICgA\/UFoc0iJk"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1492171177240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177240,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BlAAEAGIxTAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXdgAAAQEICgA\/UIxwfB+e"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1492171177308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177308,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0259AAEAGiPzAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf00gAAAQEICgA\/UJ0c0iJk"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1492171177429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171177429,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1492171178741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171178741,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1492171183746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171183746,"pkt":"8IQvSpdgeJKcD6iOCABFAABE\/1xAAEARtpbAqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1492171184747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171184747,"pkt":"8IQvSpdgeJKcD6iOCABFAABEAC1AAEARtcbAqAFnwKgB\/oR7ADUAMLAAcuQBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
+00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1492171203806,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492171203806,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj\/YAAAEC8ZXAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 
+00548{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1492171205448,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171205448,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
+00549{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1492171206877,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171206877,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+EAAAECUizAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
+00549{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1492171208516,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171208516,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+IAAAECUivAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1492171210973,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171210973,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+UAAAECUijAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"} +00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1492171211383,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171211383,"pkt":"AQBeAAAWACSlnnPpCABGwAAoAABAAAECQeXAqAFs4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} +00549{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuVAAAERi7nAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuZAAAERi7jAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} +00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
+00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} +00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1492171267430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171267430,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJlBAAEARj6bAqAFnwKgB\/uivADUALYbgc9oBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} +00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1492171268427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171268427,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} +00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1492171268754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171268754,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} +00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJn9AAEARj3XAqAFnwKgB\/qwfADUALz4De5MBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} +00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJoBAAEARj3TAqAFnwKgB\/qwfADUAL2b9N5kBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} 
+00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1492171269548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492171269548,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1492171269750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171269750,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1492171270418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492171270418,"pkt":"8IQvSpdgeJKcD6iOCABFAAA9Ju1AAEARjw3AqAFnwKgB\/qZdADUAKRuahlUBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} +00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1492171273433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171273433,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJ9JAAEARjiTAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1492171273759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171273759,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKB1AAEARjdLAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHpAAEARjXbAqAFnwKgB\/qdoADUAMwYVU1YBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AAAEAAQ=="} +00728{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHtAAEARjXXAqAFnwKgB\/qdoADUAMwU2OTUBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AABwAAQ=="} 
+00737{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1492171274755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171274755,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKKBAAEARjU\/AqAFnwKgB\/q06ADUANGSfuxkBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 
+00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00557{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMahAAEARhEzAqAFnwKgB\/qMfADUAL3l8SRkBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} 
+00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} +00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1492171291761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171291761,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 
+00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00552{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packets_processed":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}} 
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packets_processed":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packets_processed":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packets_processed":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00551{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packets_processed":1,"flow_first_seen":1492171271288,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 
-00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00554{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packets_processed":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packets_processed":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packets_processed":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} +00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00550{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}} 00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","total-events-serialized":775} +00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","total-events-serialized":721} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 561272 bytes ~~ total detected protocols..: 81 -~~ total active/idle flows...: 125/125 +~~ total active/idle flows...: 112/112 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 2576052 bytes -~~ total memory freed........: 2576052 bytes -~~ total allocations/frees...: 37995/37995 +~~ total memory 
allocated....: 2555044 bytes +~~ total memory freed........: 2555044 bytes +~~ total allocations/frees...: 37956/37956 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 163 chars ~~ json string max len.......: 2268 chars diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out index e1f0e544c..749ca4cb9 100644 --- a/test/results/weibo.pcap.out +++ b/test/results/weibo.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"weibo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"weibo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1463089067804,"flow_last_seen":1463089067804,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1463089067804,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out index e83e0f9cd..815fa50e0 100644 --- a/test/results/whatsapp_login_call.pcap.out +++ b/test/results/whatsapp_login_call.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} 
@@ -134,16 +134,6 @@ 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1432582239035,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582239035,"pkt":"APS5Jrv0xiwDYGpkCABFAABIsFoAAFQRjmEfDUYwwKgCBA2WyT4ANL3lAQMAGCESpEIAACUBlIyWX5N55xQAIAAIAAGRdm4xsYdAAgAIAAABTYyOMrg="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1432582239055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582239055,"pkt":"APS5Jrv0xiwDYGpkCABFAABI6QYAAFMRTSUfDU\/AwKgCBA2WyT4ANHa7AQMAGCESpEIAADsyhsRFd5d2aQUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuQ="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1432582239083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582239083,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAeoAAFYRK9IfDVUwwKgCBA2WyT4ANFR5AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuM="} 
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} 
-00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":1,"flow_first_seen":1432582244297,"flow_last_seen":1432582244297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432582244297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582244297,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAojkRAAEAGShnAqAIEEaeOH8AMAbt6TdZMbFoWmFAR\/\/+4DAAA"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1432582244435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582244435,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqu8AAO0GwG0Rp44fwKgCBAG7wAxsWhaYek3WTVARn\/4YDQAA"} 
@@ -170,26 +160,6 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1432582250339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582250339,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoFBJAAEAGxF3AqAIEEaeODcAwAbsLr3wkAQ2ywFAR\/\/9P5gAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1432582250476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582250476,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoVmEAAO4GFA4Rp44NwKgCBAG7wDABDbLAC698JVARn\/6v5gAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"} -00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00560{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582256633,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1432582258587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582258587,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="} 
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -200,10 +170,6 @@ 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1432582258825,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582258825,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1432582259254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582259254,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1432582259886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582259886,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":681,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582266644,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":681,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582266644,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":681,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582266644,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":681,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582266644,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1432582267983,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1432582267983,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA44FwAAEABy33AqAIEW\/2wQQMDDx4AAAAARQAANHIMAAAvEUrCW\/2wQcCoAgQkgMk+ACAAAA=="} 
00567{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
@@ -215,12 +181,6 @@ 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1432582273095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582273095,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE0AAP8RdlgAAAAA\/\/\/\/\/wBEAEMBNOdeAQEGALYzLg0AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1432582275776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582275776,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE4AAP8RdlcAAAAA\/\/\/\/\/wBEAEMBNOdcAQEGALYzLg0ABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1432582276331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582276331,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQGwAAEARsh7AqAIBwKgC\/0RcRFwB\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"} -00583{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582277069,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1432582284805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1432582284805,"pkt":"AQBeAAD72DBiVgAcCABFAAA+cQoAAP8RGNup\/qbP4AAA+xTpFOkAKikcAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="} 
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
@@ -242,8 +202,6 @@ 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1432582285047,"pkt":"MzMAAAD72DBiVgAcht1gA4nLAGwR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsVWEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHMAMAAGAAQAAAHgABKn+ps\/ADAAcgAEAAAB4ABD+gAAAAAAAANowYv\/+VgAc"} 00653{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1432582285062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582285062,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABInyUAAEARVS\/AqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 
-00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":868,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1432582288984,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":868,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1432582288984,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1432582296337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -312,6 +270,26 @@ 00571{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00540{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
+00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00565{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":1,"flow_first_seen":1432582355253,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582355253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582355253,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"} 
@@ -319,8 +297,24 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1432582355478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582355478,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"} 00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying 
HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00584{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00561{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00576{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -329,12 +323,16 @@ 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -346,6 +344,7 @@ 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -358,6 +357,7 @@ 00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00171{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","total-events-serialized":362} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out index b73aabbac..91b34f089 100644 --- a/test/results/whatsapp_login_chat.pcap.out +++ b/test/results/whatsapp_login_chat.pcap.out 
@@ -1,4 +1,4 @@ -00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582377898,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582377898,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
@@ -34,13 +34,13 @@ 00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582412221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"ts_msec":1432582412221,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582413522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"ts_msec":1432582413522,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} -00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":91,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582425196,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":91,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582425196,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582426553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582426553,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\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"} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out index dc0df7854..140c53de1 100644 --- a/test/results/whatsapp_voice_and_message.pcap.out +++ b/test/results/whatsapp_voice_and_message.pcap.out 
@@ -1,4 +1,4 @@ -00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1432820558921,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820558921,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} 
@@ -43,8 +43,6 @@ 00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1432820624900,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820624900,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820625066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"} 
@@ -53,8 +51,6 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820633802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820633802,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432820633803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820633803,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1432820633804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820633804,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"} 
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -67,12 +63,16 @@ 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820681899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820681899,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"} 
+00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":225,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820691631,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":225,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820691631,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":1,"flow_first_seen":1432820693796,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820693796,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820693796,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"} 00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out index 1ddfb7643..32de1ad98 100644 --- a/test/results/whatsappfiles.pcap.out +++ b/test/results/whatsappfiles.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsappfiles.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsappfiles.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1519924083411,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1519924083411,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} 
@@ -6,13 +6,13 @@ 00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
01279{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}} -00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1519924240121,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1519924240121,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1519924240177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1519924240177,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1519924240182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1519924240182,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"} 00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","total-events-serialized":17} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out index d19c1df57..20cb9b8e1 100644 --- a/test/results/whois.pcapng.out +++ b/test/results/whois.pcapng.out 
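Review bot: The expected `detection-update` record for flow 1 in the `@@ -6,13 +6,13 @@` hunk of whatsappfiles.pcap.out (the unchanged 01279-length line) carries `"issuerDN"` twice inside `tls`, and the second value (`C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net`) looks like the certificate subject rather than an issuer. Duplicate names make the record parser-dependent: most JSON parsers keep the last occurrence, so a consumer matching on the issuer would silently get the subject string instead of the DigiCert CA. This golden file pins that output as expected, and the commit regenerates it without addressing it. The fix belongs in the serializer, which is outside this hunk; presumably the second key should be emitted as `"subjectDN"` and the fixture regenerated afterwards.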
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whois.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whois.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1507397119066,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1507397119066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out index 83754db94..01f3ad9ec 100644 --- a/test/results/wireguard.pcap.out +++ b/test/results/wireguard.pcap.out 
@@ -1,4 +1,4 @@ -00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wireguard.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wireguard.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1563973554628,"flow_last_seen":1563973554628,"flow_idle_time":180000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":0,"ts_msec":1563973554628,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out index 3c3b9b9b5..3bc6d7839 100644 --- a/test/results/youtube_quic.pcap.out +++ b/test/results/youtube_quic.pcap.out 
@@ -1,4 +1,4 @@ -00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtube_quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtube_quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1489363823466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823466,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\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\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out index 726aa964d..5ea6b91bc 100644 --- a/test/results/youtubeupload.pcap.out +++ b/test/results/youtubeupload.pcap.out 
@@ -1,4 +1,4 @@ -00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtubeupload.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtubeupload.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1511102576794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102576794,"pkt":"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\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out index 1cc0dc335..7b5773906 100644 --- a/test/results/z3950.pcapng.out +++ b/test/results/z3950.pcapng.out 
@@ -1,4 +1,4 @@ -00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"z3950.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"z3950.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1623680697296,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623680697296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1623680697296,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623680697327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1623680697327,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out index 2c419a245..77cd817ec 100644 --- a/test/results/zabbix.pcap.out +++ b/test/results/zabbix.pcap.out 
@@ -1,4 +1,4 @@ -00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zabbix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zabbix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index 0dadf62c1..582dfed50 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out 
@@ -1,4 +1,4 @@ -00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1514196094240,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out index 8faf54c77..1008ec584 100644 --- a/test/results/zoom.pcap.out +++ b/test/results/zoom.pcap.out 
@@ -1,4 +1,4 @@ -00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} |